[MacPorts] #51516: MacPorts should use a bundled copy of a newer libcurl and SSL library rather than the OS X version
MacPorts
noreply at macports.org
Fri Dec 3 05:03:27 UTC 2021
#51516: MacPorts should use a bundled copy of a newer libcurl and SSL library
rather than the OS X version
--------------------------+--------------------------------
Reporter: ryandesign | Owner: macports-tickets@…
Type: enhancement | Status: new
Priority: Normal | Milestone: MacPorts Future
Component: base | Version:
Resolution: | Keywords:
Port: |
--------------------------+--------------------------------
Comment (by danielluke):
Replying to [comment:72 devernay]:
> I would even consider it a security issue at this point, since "All
older versions [of openssl] (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are
now out of support and should not be used." - from
https://www.openssl.org/source/
>
> Any software that currently ships (including MacPorts) should not use
any of these versions, and thus not use the system's curl on older
systems.
The security issue is trying to run an old, unsupported macOS version that
is no longer receiving patches from Apple. If you insist on doing that,
you can work-around it. I don't think MacPorts should be in the business
of providing OS patches after Apple stops, and I don't think it should be
in the business of encouraging people to run obsolete OS versions.
--
Ticket URL: <https://trac.macports.org/ticket/51516#comment:73>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list