tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: openssl 3

Martin Husemann <> writes:

> On Thu, Sep 30, 2021 at 08:44:22AM -0400, Greg Troxel wrote:
>> What are people thinking about
>>   updating openssl to 3.0.0 in current
> Yes, someone(tm) should do that! Early to catch fallout quickly, but
> we'd need commitment from the pkgsrc team to make pkgsrc usefull with
> that. I don't think we need to sequence this, thing will follow naturally
> from people hitting more fallout.

My impression is that work to make things build with 3.0.0 is in
progress, but that the fallout from a (not committed, in testing) switch
is over 5000 packages.  But I expect that will rapidly get better.

So if netbsd-current moves to openssl3 before pkgsrc is ready, that's
going to cause a lot of packages to break on current.   So then people
who care can fix them, as usual.

The real question is what kind of pace of update is best, as maintained
upstreams are going to make releases that work with openssl3, and not
being first makes life easier.

I suspect in a few weeks we'll have a better idea.

>>   pulling up openssl 3 to 9?
> We can't do that. Instead, at some point (probably a bit past the two
> years 1.1 will still receive updates) we will have to bite and switch
> netbsd-9 over to pkgsrc based openssl.

I don't know what you mean exactly.   Certainly at some point pkgsrc
builds on 9 will use pkgsrc openssl.  Perhaps long before that.   But I
don't see how e.g. postfix in base is going to use pkgsrc openssl.

> It is a pitty that security projects like openssl don't care for ABI
> compatibility.

Indeed.  Even API compat would be a big improvement.

Attachment: signature.asc
Description: PGP signature

Home | Main Index | Thread Index | Old Index