Re: OpenSSL 1.1.0
Am Mittwoch, den 29.06.2016, 22:38 +0200 schrieb Pau Garcia i Quiles:
> If possible, I would rather have both 1.0.2 and 1.1.0 in the archive,
> and move to 1.1.0 as upstream moves. I do not feel comfortable at all
> touching security-related stuff, it's not my specialty. Even less if
> we are talking about OpenSSL, known not to be the most friendly and
> intuitive APIs.
I'd like to second this. Working on a patch for qt4 taught me that this
transition is not going to be easy, and in this very case especially so
since during the qt4 package build no test suite is run to verify that
the changes don't break anything.
I can understand that supporting two version of the library would be a
quite a burden, this is quite clear from just looking a the large
number of patches both packages carry, but considering that the Stretch
freeze is supposed to happen in less than six month, forcing a
transition now doesn't seem to be such a good idea to me.