Kevin P. Fleming wrote: > On 6/22/22 15:05, Vipul Siddharth wrote: >> == Benefit to Fedora == >> This proposal ensures than no new packages in Fedora will rely on the >> deprecated OpenSSL version that will cause an overall increase of >> security/stability, and will reduce the amount of old packages relying >> on OpenSSL 1.1 series. >> > This sentence is too long, and as a result I don't think readers will > understand it the way it was intended. I suggest simplifying to: > > --- > > This proposal ensures that no new packages in Fedora will rely on the > deprecated OpenSSL version. That change will cause an overall increase > in security/stability, and will reduce the amount of old packages > relying on OpenSSL 1.1 series. > > --- > > In addition to the wording changes, do you mean 'package-versions' here > where you say 'packages'? Is a new version of OpenSSH, for example, > considered a 'new package' for the purposes of this proposal? As I read this the plan is to drop the devel package from the shipping repos but it is still available in the buildroot. But then there is this: == Dependencies == No packages should depend on openssl1.1-devel packages that is eliminated. But if the devel package is eliminate then doesn't this mean completely dropping OpenSSL 1.x? I assume it's a nuanced thing. Can you clarify this? What about a plan to drop OpenSSL 1.x support entirely. Should that be included in this or is it out-of-scope. Maybe a look-ahead (e.g " in the F38-39 series we'll look to kill it entirely.") What does this mean for reproducible builds if the devel package is not shipped? rob _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
