On Wed, Jun 29, 2022 at 5:46 PM Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> wrote: > > On Wed, Jun 29, 2022 at 5:27 PM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote: >> >> Please don't remove the devel package if you aim for deprecation. As other have >> said, removing the devel package is essentially retirement, not deprecation. > > OK, it's not a problem to deprecate the package in the sense of https://docs.fedoraproject.org/en-US/packaging-guidelines/deprecating-packages/ I agree with Miro.If you want to ensure no new packages start depending on openssl1.1, then adding "Provides: deprecated()" (to both the openssl1.1 and openssl1.1-devel packages) is exactly what you want. fedora-review includes a check that prints a warning when a package depends on something that has "Provides: deprecated()", so no new packages should ever be added to Fedora that depend on something that is deprecated. Removing a (sub-)package is not a "deprecation", because it already breaks dependent packages, and *does not* give any advance warning to affected people, which a deprecation is supposed to provide. > But we still want to get rid of it. I understand this goal, but starting with a deprecation means that this will be a two-step process: 1) deprecate openssl1.1 and openssl1.1 packages (adding "Provides: deprecated()" to them): this ensures no new packages depend on them (fine to do that for Fedora 37) 2) once no Fedora packages (only third-party binaries) depend on openssl1.1, you *can* drop openssl1.1-devel (too early in Fedora 37, target 38 or 39 instead?, see EOL dates listed below) Dropping openssl1.1-devel (and keeping openssl1.1) *before* all official Fedora components have been ported to openssl 3 is essentially making them hang by the thinnest of threads - the packages will fail to build, but still be *installable* - if only for so long. These packages will also start to fail to install after any soname bump (or another similar change) in their dependency trees - because they won't be able to be rebuilt for that (unrelated) change, because openssl1.1-devel is gone. It will also block any critical / security updates for affected packages, which is certainly not what we want. So, please, don't remove the openssl1.1-devel package while there's still Fedora packages that depend on it. I assume openssl1.1 itself will be kept for some time, to provide support for third-party applications that require it? So keeping the -devel package around does not create any additional work for you, but it will make life for maintainers of dependent packages much easier, until they can switch their packages to OpenSSL 3. >> > I don't think that the community really requires support for this package for 7 >> > years after its upstream sunset. >> >> OpenSSL 3 was introduced in Fedora 36, that has *just* been released this year. >> This is a change proposal for Fedora 37, that is half a year after, not 7 years :/ > > > Well, speaking about 7 years, I mean the idea to support the compat package synchronously with RHEL 8. > I'd like to retire this package not later than, well, a release after OpenSSL 1.1.1 EOL. According to the OpenSSL website (https://www.openssl.org/policies/releasestrat.html) OpenSSL 1.1.1 will be supported until 2023-09-11. Fedora 37 will be EOL at around 2023-11-14 (https://fedorapeople.org/groups/schedule/f-39/f-39-key-tasks.html), so OpenSSL 1.1.1 will still be officially supported for most of its lifecycle - I don't see why it already needs to be removed in Fedora 37. This alignment of EOL dates make me wonder whether the removal of openssl1.1(-devel) should be targeted at Fedora 38 (more than half its supported lifetime is after OpenSSL 1.1.1 is EOL) or Fedora 39 (released after OpenSSL 1.1.1 is EOL) instead, but Fedora 37 seems too early for a *removal*, but officially deprecating it in Fedora 37 sounds very reasonable to me. Fabop _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
