David Brownlee <abs%absd.org@localhost> writes: >> This really bears on the question of whether openssl3 is optional or >> required. Right now netbsd 9 has 1.1.1 and that's likely to continue, >> and I don't think it's good to force those systems that to move to 3, >> especially since 3 has at this point been out less than a month. > > Adding mk/ssl.buildlink3.mk now does not require any decision on > whether and when some or all systems switch to openssl3. What I meant was that being able to select versions requires adding a mk/bl3, not that adding a mk/bl3 forces anything. > It does: > - split changes to use mk/ssl.buildlink3.mk from changes to make > things work under openssl3 (akin to making a refactoring pass to > rename methods as a separate commit to adding functionality :) > - make it reasonable to add security/openssl3 to pkgsrc and to give an > easier way for people to test openssl3 before it's ready for general > switch > - allow more nuance on choosing openssl1 vs 3 on a platform and system basis I think that's all good. It's clear that there are people that want openssl3 now and people that want to stay with 1.1.1 for now, as it has upstream support and everything works. And, netbsd-current is likely going to get openssl3 soon. > The initial commit could be as simple as adding a mk/ssl.buildlink3.mk > which unconditionally includes ../../security/openssl/buildlink3.mk, > plus an extra check to pkglint Having a mk/bl3 and a switch for openssl 1.1.1 vs 3 (one global switch) with platform-specific defaults sounds like a reasonable near-term approach. Barring objections, which I don't expect, if you are inclined to start on this, that sounds good.
Attachment:
signature.asc
Description: PGP signature