Opened 7 years ago
Closed 6 years ago
#55772 closed defect (wontfix)
textmate2 @2.0-rc.4 links with openssl statically
| Reported by: | ryandesign (Ryan Carsten Schmidt) | Owned by: | neverpanic (Clemens Lang) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | Cc: | ||
| Port: | textmate2 |
Description
textmate2 @2.0-rc.4 links with openssl's static libraries, so it does not benefit from openssl updates and security fixes until textmate2's revision is increased. It would be better if textmate2 would link with openssl's dynamic libraries so that it receives openssl fixes immediately without needing to be rebuilt.
Change History (3)
comment:1 Changed 7 years ago by neverpanic (Clemens Lang)
comment:2 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)
Well we're not patching it yet. But I intend to look into patching it and discussing it with the developers.
comment:3 Changed 6 years ago by neverpanic (Clemens Lang)
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
I agree this is suboptimal, but I don't want to spend time patching this against the decisions of upstream.
Note: See
TracTickets for help on using
tickets.
Yeah, I noticed that. I'm not sure we should spend time on reversing upstream's deliberate change on that. Fortunately, it seems it only uses
libcrypto, notlibssl, so it's probably only for encryption and decryption, not for TLS connections.I don't really want to keep patching textmate2 forever. Ideally, upstream either agrees that they should link dynamically, or we should stop patching it.