tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: openssl 3

nia <> writes:

> There are likely problems mixing different OpenSSL shared object
> versions in pkgsrc, no?

If you mean openssl 1.1.1 in base, and (eventually) 3 in pkgsrc, with


and things in base linked with base, things in pkgsrc linked with
pkgsrc, and some mess with both in the same binary, then agreed that
this is going to be not good, but maybe not super terrible in practice.

> If NetBSD 10 is to have OpenSSL 1.1 I think it's critical we
> establish a flow for maintaining it in the long term (whether
> it's by pulling patches from Red Hat, etc), so it doesn't rot
> like netbsd-8.

Agreed.  I think we're headed for openssl 3 being security/openssl3 and
some way to select 1.1.1 vs 3 (globally for pkgsrc), with builtin
processing to use base isntead for both cases, and choosing pkgsrc
different from base not really being supported, but non-gross patches
that don't break other cases welcome.

That leaves the "who is going to patch 1.1.1 after openssl project
stops" open, but I think ti's the usual "people who care, grabbing
patches from other places that care" and we'll muddle through.

Does that sound reasonable to you?  To others?

Attachment: signature.asc
Description: PGP signature

Home | Main Index | Thread Index | Old Index