tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

openssl 3

This is a software engineering question, not a security question and
hence here.

openssl 3.0.0 is out, and it has a lot of compat issues.
I hear that openssl 1.1.1 only has two years of maintenance left.

history: 8 was released in July 2018 and 9 in february 2020.  At that
pace, 10 will be released in September 2021, but there are only 12 hours
left :-)

I observe that 10, if released in April 2022 (just making that up), can
be expected to need support until mid 2026.  And 9 will need support until

Hence, I'm going to ignore 8, as it will be out of support long before
1.1.1 is desupported upstream (but don't quote on that in fall of 2023).

What are people thinking about

  updating openssl to 3.0.0 in current

  if so, the effects on building pkgsrc and how to sequence that

  pulling up openssl 3 to 9?

I am guessing:

  pkgsrc needs to be able to cope with 3.0.0 first

  openssl 3.0.0 should go in current, for 10

  9 and esp 8 will not get pullups.  It's an ABI break and not allowed.

(Asking with pkgsrc-pmc hat on as we have similar questions in pkgsrc
and all of this is a bit tangled.)

Attachment: signature.asc
Description: PGP signature

Home | Main Index | Thread Index | Old Index