[Pkg-openssl-devel] OpenSSL 1.1.0

Bernd Zeimetz bernd at bzed.de
Thu Nov 17 21:32:34 UTC 2016


Hi,

> 
> OpenSSL 1.0 + 1.1
> ==============
> 
> * Every package will be buildable but we can expect surprises on
> runtime due to dlopen'ed libraries, indirect use, etc
> * Release delay seems certain but difficult to determine
> * Even with a release delay, we cannot be 100% sure all the runtime
> surprises will be gone
> * We need to support 2 versions of OpenSSL and be prepared for
> third-party applications (not included with Debian) to fail due to
> runtime surprises
> * Different support cycles upstream (one LTSL, one not)
> * We will be providing both versions of OpenSSL for the end-user to
> choose (when he has the knowledge)

I think releasing with 1.0+1.1 makes sense, but without forcing 1.1 to
be the default. Single packages which support 1.1 very well should be
able to use it, but maintainers should not be forced to even try to
migrate to a new version.

This would even make it possible to backport packages to support the new
OpenSSL version. Maybe even apache2. In the meantime people could use
haproxy in front of it, or whatever else they like.

Having ChaCha20 is nice, but delaying a release for it is not an option
(hint: people won't be able to use ChaCha20 while they are waiting for a
release... :))


best regards,

Bernd


-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F


