Ondřej Surý <ond...@sury.org> writes: > And this is happening all over places (apache2 vs php7.0) - I don't > think we can have a partial transition. It's now all or nothing.
xml-security-c has not yet been ported to OpenSSL 1.1 upstream (which is non-trivial), and we're now at an impasse in the Shibboleth suite because cURL is using 1.1, but xml-security-c and Apache both need 1.0. I agree with Ondřej: the current transition state is not releasable. We need to figure out something else. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
