[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openssl transition

On Sat, Oct 29, 2016 at 10:04:21PM +0200, Christian Seiler wrote:
> Well, ideally it'll compile with both OpenSSL 1.0.2 and 1.1 and
> therefore be binNMU-able. (This has the advantage that such a
> patch is much more likely to get accepted by upstream.) In that
> case you can upload a version that Closes: #nnn the RC bug.

It turned out my packages were easy, they just needed OPENSSL_API_COMPAT to be
defined accordingly. However, I don't think all upstreams will work like this.
I can easily see some just requiring OpenSSL 1.1 and change the code
accordingly. And I doubt it's wise for us to require packages to be patched to
compile with the old version of OpenSSL, too.

> (Also, if you ever want to backport stuff to jessie-backports, it
> is necessary to still support building against OpenSSL 1.0 even
> after the transition. That's not something relevant for all
> packages, as not everything is going to be backported, but there
> are definitely some packages that will be affected.)

What prevents us from backporting OpenSSL?

Michael
-- 
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Meskes at (Debian|Postgresql) dot Org
Jabber: michael at xmpp dot meskes dot org
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL
Reply to: