tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: OpenSSL 3.0.0 compatibility

Jonathan Perkin <> writes:

> With 2021Q4 on the way which I will be maintaining as an LTS release,
> I'd like to get security/openssl bumped to version 3.0.0 at some point
> before the branch so that it remains supported for the lifetime of the
> release, and am also working on upgrading my primary compiler to GCC
> 10.3.0.

Moving to 3.0.0 sounds reasonable.  I am underclued on openssl releases,
pause to read.  Others may also want to look at

data points and questions

  3.0.0 is the release after 1.1.1

  as usual they made a bunch of changes and there's a bunch of work to
  do so that things build, and some will have to be ifdefed to work with
  1.1.1 and 3.0.0 both

  we need to think if we are doing "either 1.1.1 or 3.0.0 is acceptable"
  so that packages need to be patched to compile with either, or if we
  mean "we will force-depend on 3".  I am guessing it's "either is ok"
  because lots of systems will have 1.1.1 and maintained upstreams are
  going to have to patch that way.

  a big question is, separate from your LTS schedule, how much of
  upstreams will have micros that work with 3 in time, vs how many need

  I don't see wip/openssl at 3.0.0, which is how most people would build
  a not-yet-in-pkgsrc version, together with some variable  to force
  pkgsrc openssl after it's installed, and a note explaining that, so
  they too can play the "catch up with API breaks" game.

  looks like the bulk build has a fair bit of trouble to fix, assuming
  one without older openssl is almost entirely ok

Attachment: signature.asc
Description: PGP signature

Home | Main Index | Thread Index | Old Index