Charalampos Stratakis <cstra...@redhat.com> writes: > Unfortunately that effort is moot, it's really not possible to make > python2.7 compatible with OpenSSL 3.0.0, I mean even the latest Python > versions are not 100% compatible for various reasons. > > In trying to make it compatible there are also ABI changes introduced, > it's not only about having the tests pass. The ssl module is already > complex enough in backporting changes from the master Python branch to > previous 3.x versions, doing that for 2.7 without a full fledged > effort from SSL and the Python C API experts guarantee there's gonna > be regressions. And that's not even taking into account the security > implications of randomly cherry-picking commits just to have the > package compile.
I'm having trouble understanding this because Debian seems to have carried out what you're saying is impossible: in testing, they ship a python2.7 that appears to be using openssl 3, and do not ship openssl 1.1 at all. There are also a handful of clearly openssl 3-related patches in their tree https://salsa.debian.org/cpython-team/python2/-/tree/master/debian/patches Have folks looked at how they do this, and whether we could adapt it to Fedora? Be well, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
