Re: Is OpenSSL 3.0 still planned for Fedora 35?


 



On Tue, Aug 3, 2021 at 7:10 AM Simo Sorce <simo@xxxxxxxxxx> wrote:
>
> On Tue, 2021-08-03 at 06:50 -0400, Neal Gompa wrote:
> > On Tue, Aug 3, 2021 at 5:59 AM Simo Sorce <simo@xxxxxxxxxx> wrote:
> > >
> > > On Mon, 2021-08-02 at 17:43 -0400, Neal Gompa wrote:
> > > > On Mon, Aug 2, 2021 at 5:39 PM Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
> > > > >
> > > > > On Mon, Aug 2, 2021 at 11:11 AM Simo Sorce <simo@xxxxxxxxxx> wrote:
> > > > > >
> > > > > > I think at this stage it may be safer to defer to F36, and land OpenSSL
> > > > > > 3.0 in rawhide right after F35 forks out.
> > > > > >
> > > > >
> > > > > I'm generally in agreement here; I think it's too much risk too late
> > > > > in the cycle. Could you re-propose the Change for F36?
> > > >
> > > > I'm not sure I agree, but the Change owners can request the proposal
> > > > to be deferred to F36, which I *personally* would accept if
> > > > they intended to import OpenSSL 3.0 into Rawhide *right* after
> > > > branching. No more delaying it since it's clearly being done in RHEL
> > > > (which is already super-backwards to begin with). This Change has
> > > > already been deferred once (it was originally planned for F34). I
> > > > don't want it deferred again without a plan to work on it *in Fedora*.
> > > >
> > > > Otherwise, just abandon the Change entirely.
> > >
> > > Neal,
> > > you are addressing this as if the OpenSSL maintainers are being
> > > capricious.
> > >
> > > We deferred the introduction of OpenSSL 3.0 in Fedora because we did
> > > not want a mess in a distribution that is actually used, out of concern
> > > for our users.
> > >
> > > We can "dump" OpenSSL 3.0 in Fedora at any time, but we consciously
> > > choose not to as to avoid pain for users. We cannot drop the Change
> > > because we have to introduce OpenSSL 3.0 at some point, we just want to
> > > introduce it when it's right for Fedora.
> > >
> >
> > My irritation comes from the lack of communication from the Change
> > owner. This Change has already been deferred once (for good reason,
> > mind you). I'm annoyed that this is being deferred again because this
> > time the Change owner hasn't said *anything* at all. Everyone else
> > seems to be speaking (even Florian, which confuses me). I wouldn't
> > mind the Change being deferred again for solid technical reasons, but
> > I don't know how to trust that this Change is ever going to get done
> > because zero work happened and zero communication happened.
>
> The fact work isn't visible, doesn't mean nothing happened.
>

To most people, it appears that nothing has happened, yes. It would
have been nice to know that stuff happened.

> That said, upstream broke the ABI between alpha and beta1 so we are
> very happy that we "have done nothing" in Fedora and delayed the
> change.
>

Sure, but the Change proposal[1] explicitly says that the work would
start *after* the beta release in June. The beta release came out June
17[2], and nothing happened afterward in Fedora, presumably because
Sahana was working on rebasing to it in CentOS Stream 9, which
completed a month later[3]. Note that now Beta 2 came out a week
ago[4], which seems to carry *some* ABI stability (which is a surprise
to me, honestly...).

From my naive point of view, once that rebase work was complete, I
would have expected the same effort to land in Fedora, since we
already had the openssl1.1 compatibility package created a year
ago[5]. Then we could have integrated it as part of the mass build
last week instead of needing a targeted rebuild for it in a side-tag.

For what it's worth, there seem to be 633 source packages that produce
940 binary packages that link to OpenSSL, so it's not *that* crazy to
do a targeted rebuild:

> ngompa@localhost ~> sudo dnf -q repoquery --qf "%{SOURCERPM}" --whatdepends openssl-libs --latest=1 --exclude=\*.i686 | wc -l
> 633
> ngompa@localhost ~> sudo dnf -q repoquery --whatdepends openssl-libs --latest=1 --exclude=\*.i686 | wc -l
> 940

Basically, my problem is that I don't think Sahana was prepared on how
to handle doing this work properly and they just need to be aware that
communication is extremely important when doing stuff like this.
Sahana took this over from Tomáš Mráz, who left Red Hat to work for
the OpenSSL Foundation on OpenSSL full-time. In that transfer, I don't
think anyone educated Sahana on how to handle Fedora Changes.

However, regardless of all the previous mistakes, I still don't think
that OpenSSL 3.0 necessarily needs to be skipped for Fedora Linux 35
based on all that. What *would* concern me is OpenSSL 3.0's own
release schedule, or rather the lack of one. It is unclear when
OpenSSL 3.0 final is supposed to be released. Digging into the
upstream project information, it seems like there's not much left[6].
But I'm unsure if they do relatively fixed milestones or very fluid
milestones. That's also combined with no estimates of when OpenSSL 3.0
final is supposed to be released, at least none that I can find.

[1]: https://fedoraproject.org/wiki/Changes/OpenSSL3.0
[2]: https://www.openssl.org/blog/blog/2021/06/17/OpenSSL3.0ReleaseCandidate/
[3]: https://gitlab.com/redhat/centos-stream/rpms/openssl/-/merge_requests/15
[4]: https://github.com/openssl/openssl/releases/tag/openssl-3.0.0-beta2
[5]: https://src.fedoraproject.org/rpms/openssl1.1
[6]: https://github.com/openssl/openssl/milestone/15



--
真実はいつも一つ!/ Always, there's only one truth!