This is a software engineering question, not a security question and hence here.

openssl 3.0.0 is out, and it has a lot of compat issues. I hear that openssl 1.1.1 only has two years of maintenance left.

History: 8 was released in July 2018 and 9 in February 2020. At that pace, 10 will be released in September 2021, but there are only 12 hours left :-)

I observe that 10, if released in April 2022 (just making that up), can be expected to need support until mid 2026. And 9 will need support until 2024. Hence, I'm going to ignore 8, as it will be out of support long before 1.1.1 is desupported upstream (but don't quote me on that in fall of 2023).

What are people thinking about

  updating openssl to 3.0.0 in current

  if so, the effects on building pkgsrc and how to sequence that

  pulling up openssl 3 to 9?

I am guessing:

  pkgsrc needs to be able to cope with 3.0.0 first

  openssl 3.0.0 should go in current, for 10

  9 and esp 8 will not get pullups. It's an ABI break and not allowed.

(Asking with pkgsrc-pmc hat on as we have similar questions in pkgsrc and all of this is a bit tangled.)