Martin Husemann <martin%duskware.de@localhost> writes: > On Thu, Sep 30, 2021 at 08:44:22AM -0400, Greg Troxel wrote: >> What are people thinking about >> >> updating openssl to 3.0.0 in current > > Yes, someone(tm) should do that! Early to catch fallout quickly, but > we'd need commitment from the pkgsrc team to make pkgsrc usefull with > that. I don't think we need to sequence this, thing will follow naturally > from people hitting more fallout. My impression is that work to make things build with 3.0.0 is in progress, but that the fallout from a (not committed, in testing) switch is over 5000 packages. But I expect that will rapidly get better. https://us-east.manta.joyent.com/pkgsrc/public/reports/trunk/bulktest/20210928.1522/meta/report.html So if netbsd-current moves to openssl3 before pkgsrc is ready, that's going to cause a lot of packages to break on current. So then people who care can fix them, as usual. The real question is what kind of pace of update is best, as maintained upstreams are going to make releases that work with openssl3, and not being first makes life easier. I suspect in a few weeks we'll have a better idea. >> pulling up openssl 3 to 9? > > We can't do that. Instead, at some point (probably a bit past the two > years 1.1 will still receive updates) we will have to bite and switch > netbsd-9 over to pkgsrc based openssl. I don't know what you mean exactly. Certainly at some point pkgsrc builds on 9 will use pkgsrc openssl. Perhaps long before that. But I don't see how e.g. postfix in base is going to use pkgsrc openssl. > It is a pitty that security projects like openssl don't care for ABI > compatibility. Indeed. Even API compat would be a big improvement.
Description: PGP signature