Feds put heat on Web firms for master encryption keys

[Riad S. Wahby]

grarpamp <grarpamp at gmail.com> wrote:
> Unfortunately port/package repos can be a bit behind
> state of the art. Locally... untar ; ./configure ; make
> is not that hard to learn.

I have no problem with building anything and everything on my own if I
have to, and I've done Linux From Scratch before, but there is an
*immediate* increase in maintenance headache associated with breaking
out of the package manager, especially in distributions like debian
where there isn't much of a premium on flexibility.

But in the worst case, yes, of course!

> > So the many servers where OpenSSL isn't getting upgraded any
> > time soon can't do it either.
> 
> I've only found compiling new software on old systems to be
> a problem like this. ie: 1.0.1 won't compile on them. I grant that
> it can be hard to migrate off old platforms.

I've done some godawful things before like build new versions of libc
and run chrooted out of my homedir on machines with outdated software.
It is doable, but it is very painful.

There are plenty of tools that make this a lot easier, though: you can
use vagrant to painlessly get a modern distribution running inside
VirtualBox, assuming you can get the latter running on your machine.
These approaches aren't particularly high performance, but we're
obviously optimizing for something else in this case.

> Legitimately squeaky wheels get greased first.

Provide a patch with your bug report. Never underestimate the power of
an easily-closed ticket.

-=rsw