On 19.02.2018 15:49, Kamil Rytarowski wrote:
> On 19.02.2018 11:43, Thomas Klausner wrote:
>> Hi!
>>
>> Since openssl changed their API from 1.0 to 1.1, many programs need
>> patches to work; however, they don't seem to exist (yet) or upstream
>> decided not to support 1.1. For example, this seems to be the case for
>> python-3.4.x (3.5+ is ok), ruby-2.2 (ruby 2.4+ is ok, 2.3 is
>> patchable), php-5.6 (php-7+ is ok), ffmpeg2 (ffmpeg3 is fine), and
>> some other smaller packages.
>>
>> Some distributions also provide openssl-1.0 packages, installed into a
>> separate sub-prefix (${PREFIX}/include/openssl-1.0 or so).
>>
>> Do we want to go that way as well?
>>
>> For leaf packages, I think that would be an appropriate solution, but
>> I worry for other packages that you might end up with a mix of
>> openssl-1.1 and openssl-1.0 libraries in the same binary.
>>
>> Thomas
>>
>
> I propose to drop incompatible packages unless they are crucial and we
> can port them.
>
> I will have a look at ffmpeg2 and try to port it to OpenSSL 1.1.
>
> I noted that there are distros with patches (Debian?) to support newer
> OpenSSL.
>
I've iterated over ffmpeg2's reverse-dependencies and it looks like
there are either dead packages or old versions. The proper approach
looks like to just upgrade what's still upgradeable and remove dead
software followed by removal of ffmpeg2.
Attachment:
signature.asc
Description: OpenPGP digital signature