Hi, Just random thoughts…
Kurt Roeckx <k...@roeckx.be> (2016-11-01):
> I just uploaded OpenSSL 1.1.0 to unstable. There are still many
> packages that fail to build using OpenSSL 1.1.0. For most packages
> it should be easy to migrate to 1.1.0. The most common problems when
> going to OpenSSL 1.1.0 are:
> - configure trying to detect a function that's now a macro.
> - Accessing members of structures that have now become opaque. You
>   now need to use functions to get or set them.
>
> The changes required are usually very easy and do not take a long
> time to implement.
>
> Many upstream projects have already done the work or are working
> on it. Fedora is also doing the OpenSSL 1.1.0 migration. So both
> places are a good place to look at to see if they have already
> done the work.
>
> There might also be packages for which the changes are more
> involved and that can't be fixed in time for the release. If you
> want to stay with OpenSSL 1.0.2 you need to change your Build-Depends
> from libssl-dev to libssl1.0-dev.
>
> I would like to encourage that at least the packages that are
> making use of libssl and not just libcrypto move to OpenSSL 1.1.0
> because it contains important new features. It adds support for
> among other things of:
> - Extended master secret: This fixes the triple handshake problem
>   in TLS.
> - Chacha20-poly1305
> - X25519

Things that work fine for this kind of transition (hello, new gcc
upstream releases) include:
 - pointers to upstream release notes;
 - pointers to porting guides;
 - pointers to existing patches for common fixes if the former don't
   exist just yet (but then that would be a rather unprepared move).

(Mentioning “many upstream projects” and “Fedora” is better than nothing
but isn't as helpful as what I've listed above.)

> If you have any problems feel free to contact us.

 - are “you” <pkg-openssl-de...@lists.alioth.debian.org>?

KiBi.