Bug#827061: Please commit to OpenSSL 1.0.2 in stretch now not constantly re-evaluateing

To: 827061@bugs.debian.org
Subject: Bug#827061: Please commit to OpenSSL 1.0.2 in stretch now not constantly re-evaluateing
From: Sam Hartman <hartmans@debian.org>
Date: Mon, 31 Oct 2016 11:16:38 -0400
Message-id: <[🔎] tslr36wk0q1.fsf@mit.edu>
Reply-to: Sam Hartman <hartmans@debian.org>, 827061@bugs.debian.org

My understanding of the current plan is that we're adding openssl 1.1.0
to unstable, but will make a decision about whether to drop libssl1.0.2
later.

That's really frustrating for the rest of the ecosystem--our users and
our upstreams, and I'd ask the release team to commit now to 1.0.2 being
available for stretch.


At least one of the clusters of packages I'm involved in--shibboleth and
moonshot will require some real upstream porting effort.
That's under way in a time scale that will work for  buster, but is very
unlikely to meet the stretch freeze timeline.

It's possible that resources could be reprioritized and that with a
fairly agressive scramble, we could get things working with OpenSSL 1.1
in time for stretch.
However money and time are finite.
That would take away from other priorities and would have significant
risks in terms of stability.

Debian matters in the larger ecosystems, and we owe it to our upstreams
and our users to decide now whether we're asking people to make those
sort of mad scrambles.
I think we should not.  Regardless, decisions now matter.

Thanks for your consideration,

--Sam

Reply to:

Prev by Date: Re: Release Architectures for Debian 9 'Stretch'
Next by Date: Bug#842506: transition: geos
Previous by thread: Re: Release Architectures for Debian 9 'Stretch'
Next by thread: Processed: Re: [gcc-6] Fails to compile OpenWrt/LEDE prereq-build
Index(es):
- Date
- Thread