In article ,
Greg Troxel wrote:
>-=-=-=-=-=-
>
>
>This is a software engineering question, not a security question and
>hence here.
>
>openssl 3.0.0 is out, and it has a lot of compat issues.
>I hear that openssl 1.1.1 only has two years of maintenance left.
>
>history: 8 was released in July 201
Martin Husemann writes:
>> I don't know what you mean exactly. Certainly at some point pkgsrc
>> builds on 9 will use pkgsrc openssl. Perhaps long before that. But I
>> don't see how e.g. postfix in base is going to use pkgsrc openssl.
>
> Right, so the admin of an affected machine would ha
On Thu, Sep 30, 2021 at 09:18:23AM -0400, Greg Troxel wrote:
> The real question is what kind of pace of update is best, as maintained
> upstreams are going to make releases that work with openssl3, and not
> being first makes life easier.
>
> I suspect in a few weeks we'll have a better idea.
I
Martin Husemann writes:
> On Thu, Sep 30, 2021 at 08:44:22AM -0400, Greg Troxel wrote:
>> What are people thinking about
>>
>> updating openssl to 3.0.0 in current
>
> Yes, someone(tm) should do that! Early to catch fallout quickly, but
> we'd need commitment from the pkgsrc team to make pkgs
On Thu, Sep 30, 2021 at 08:44:22AM -0400, Greg Troxel wrote:
> What are people thinking about
>
> updating openssl to 3.0.0 in current
Yes, someone(tm) should do that! Early to catch fallout quickly, but
we'd need commitment from the pkgsrc team to make pkgsrc usefull with
that. I don't think w
This is a software engineering question, not a security question and
hence here.
openssl 3.0.0 is out, and it has a lot of compat issues.
I hear that openssl 1.1.1 only has two years of maintenance left.
history: 8 was released in July 2018 and 9 in february 2020. At that
pace, 10 will be relea
