[MacPorts] #51516: MacPorts should use a bundled copy of a newer libcurl and SSL library rather than the OS X version
MacPorts
noreply at macports.org
Tue Aug 9 13:13:52 UTC 2022
#51516: MacPorts should use a bundled copy of a newer libcurl and SSL library
rather than the OS X version
--------------------------+--------------------------------
Reporter: ryandesign | Owner: macports-tickets@…
Type: enhancement | Status: new
Priority: Normal | Milestone: MacPorts Future
Component: base | Version:
Resolution: | Keywords:
Port: |
--------------------------+--------------------------------
Comment (by jerryyhom):
Thanks for the feedback. Presumably, there are over a dozen people
interested in this issue, and since I am not experienced with macports
base, am genuinely interested to hear objections people might have.
Otherwise, I wonder why this issue is stalled when most of the development
work has been done.
Ken noted the issue of macports's security. I think the issue is more
fundamental. Assuming macports wants to operate on older systems, TLS has
become a necessary feature. The Apple guideline I referenced above even
recommends bundling your own ssl lib instead of relying upon the builtin
ssl lib.
I certainly appreciate that many macports maintainers have put in
significant effort to keep operating on older systems. Setting aside the
issue of TLS as a necessary feature, what are the security concerns? I am
genuinely asking because I think we all agree security is important, but
not all of us are security experts. Again, I'm hoping to nudge this issue
forward with constructive dialogue.
--
Ticket URL: <https://trac.macports.org/ticket/51516#comment:97>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list