
Re: OpenSSL 1.1.0



On Tue, Nov 15, 2016 at 09:37:01AM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> On lunes, 14 de noviembre de 2016 16:51:04 ART Marco d'Itri wrote:
> > On Nov 14, Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com> wrote:
> > > And yes, I would step back and switch libssl-dev to provide libssl1.0-dev
> > > and have libssl1.1-dev around for anyone who can really do the switch.
> > I would not: OpenSSL 1.0 does not support ChaCha20 so it would be a very
> > bad default for next year's release.
> > Bad enough that I would have to use a different distribution for some
> > web servers.
> 
> That's why I wrote:
> 
>   And if we **really** need to switch to libssl1.1 then we **really** need to
>   delay the release by 6 months as a very minimum, maybe 1 year.
> 
> Yes, I also know that it sounds awful, but do we have another way out?

Yes, patching the OpenSSL 1.1 features that are really needed into the
Debian OpenSSL 1.0.2 package.

For ChaCha20 that's existing patches that are already being used
elsewhere.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

