Jonathan Perkin <jperkin%joyent.com@localhost> writes:

> With 2021Q4 on the way which I will be maintaining as an LTS release,
> I'd like to get security/openssl bumped to version 3.0.0 at some point
> before the branch so that it remains supported for the lifetime of the
> release, and am also working on upgrading my primary compiler to GCC
> 10.3.0.

Moving to 3.0.0 sounds reasonable. I am underclued on openssl releases, pause to read. Others may also want to look at

  https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/
  https://www.openssl.org/docs/man3.0/man7/migration_guide.html

data points and questions

  3.0.0 is the release after 1.1.1

  as usual they made a bunch of changes and there's a bunch of work to do so that things build, and some will have to be ifdefed to work with 1.1.1 and 3.0.0 both

  we need to think if we are doing "either 1.1.1 or 3.0.0 is acceptable" so that packages need to be patched to compile with either, or if we mean "we will force-depend on 3". I am guessing it's "either is ok" because lots of systems will have 1.1.1 and maintained upstreams are going to have to patch that way.

  a big question is, separate from your LTS schedule, how much of upstreams will have micros that work with 3 in time, vs how many need patching.

  I don't see wip/openssl at 3.0.0, which is how most people would build a not-yet-in-pkgsrc version, together with some variable to force pkgsrc openssl after it's installed, and a note explaining that, so they too can play the "catch up with API breaks" game.

  looks like the bulk build has a fair bit of trouble to fix, assuming one without older openssl is almost entirely ok