On 24. 06. 22 11:23, Dmitry Belyavskiy wrote:
On Fri, Jun 24, 2022 at 11:20 AM Daniel P. Berrangé <berrange@xxxxxxxxxx
<mailto:berrange@xxxxxxxxxx>> wrote:
On Fri, Jun 24, 2022 at 11:13:13AM +0200, Dmitry Belyavskiy wrote:
> On Wed, Jun 22, 2022 at 11:02 PM Miro Hrončok <mhroncok@xxxxxxxxxx
<mailto:mhroncok@xxxxxxxxxx>> wrote:
>
> > On 22. 06. 22 21:05, Vipul Siddharth wrote:
> > > We are going to deprecate openssl1.1 package, stop shipping the
> > > corresponding devel package, and stop respecting crypto policies in
> > > openssl1.1 package itself.
> >
> > +1 to deprecating it
> >
>
> Great!
>
> -1 to stop shipping the devel package, this would mean we cannot build at
> > least:
> >
> > - Python 2.7
> > despite our long term efforts, many things still need that, e.g. gimp,
> > firefox (some builds do, then some don't), thunderbird etc., see
> > https://fedora.portingdb.xyz/ <https://fedora.portingdb.xyz/>
> >
> > Or Python 3.6 (shipped for developers targeting RHEL 7/8).
> >
> > As long as OpenSSL 1.1 gets security fixes in RHEL 8, could we please
> > leave the
> > devel package?
> >
>
> I'm not sure that if we don't remove the devel package, we will provide
> strong enough motivation to get rid of the deprecating packages.
If the openssl maintainers really strongly want to remove the
devel pacakge, then don't call this deprecation because that
is misleading. Call this purging openssl1.1 from the entire
distro, such that it can only be used by 3rd party apps who
have previously compiled against older Fedora openssl-devel.
Be open about fact that this will cause FTBFS for any Fedora
packages that stil uses openssl1 and their removal from the
distro if they can't port to openssl3 very quickly.
Do I correctly understand that the situation with Python is the most problematic?
Are we able to solve it somehow?
What I'm afraid of is that if we just declare the deprecation, we will stay
with this package forever.
Not forever, just until Python 2.7 is removed :D
Seriously thou, my proposal is:
- deprecate it now
- announce it goes away when RHEL 8 maintenance support ends
Following the guidelines for deprecated packages:
https://docs.fedoraproject.org/en-US/packaging-guidelines/deprecating-packages/
# This is when RHEL 8 maintenance support is expected to end
# https://access.redhat.com/support/policy/updates/errata
# The life-cycle time spans and dates are subject to adjustment
Provides: deprecated() = 20290531
You are going to support OpenSSL 1.1 in RHEL 8 until that day anyway.
This is also when we plan to remove Python 3.6:
https://lists.fedoraproject.org/archives/list/python-devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/W74WYEVGYAE57KVLCG73I75LZYKKUMXS/
And if Python 2.7 isn't removed by then, we can rip it out together with
OpenSSL 1.1 in Fedora 50.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
