Re: F37 proposal: Deprecate openssl1.1 package (System-Wide Change)

I agree (vigorously and in detail) with Fabio’s message.

– Ben Beasley

On Wed, Jun 29, 2022, at 12:42 PM, Fabio Valentini wrote:
> On Wed, Jun 29, 2022 at 5:46 PM Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> wrote:
>>
>> On Wed, Jun 29, 2022 at 5:27 PM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
>>>
>>> Please don't remove the devel package if you aim for deprecation. As others have
>>> said, removing the devel package is essentially retirement, not deprecation.
>>
>> OK, it's not a problem to deprecate the package in the sense of https://docs.fedoraproject.org/en-US/packaging-guidelines/deprecating-packages/
>
> I agree with Miro. If you want to ensure no new packages start
> depending on openssl1.1, then adding "Provides: deprecated()" (to both
> the openssl1.1 and openssl1.1-devel packages) is exactly what you
> want. fedora-review includes a check that prints a warning when a
> package depends on something that has "Provides: deprecated()", so no
> new packages should ever be added to Fedora that depend on something
> that is deprecated.
>
> Removing a (sub-)package is not a "deprecation", because it already
> breaks dependent packages, and *does not* give any advance warning to
> affected people, which a deprecation is supposed to provide.
>
>> But we still want to get rid of it.
>
> I understand this goal, but starting with a deprecation means that
> this will be a two-step process:
>
> 1) deprecate openssl1.1 and openssl1.1 packages (adding "Provides:
> deprecated()" to them): this ensures no new packages depend on them
> (fine to do that for Fedora 37)
> 2) once no Fedora packages (only third-party binaries) depend on
> openssl1.1, you *can* drop openssl1.1-devel (too early in Fedora 37,
> target 38 or 39 instead?, see EOL dates listed below)
>
> Dropping openssl1.1-devel (and keeping openssl1.1) *before* all
> official Fedora components have been ported to openssl 3 is
> essentially making them hang by the thinnest of threads - the packages
> will fail to build, but still be *installable* - if only for so long.
>
> These packages will also start to fail to install after any soname
> bump (or another similar change) in their dependency trees - because
> they won't be able to be rebuilt for that (unrelated) change, because
> openssl1.1-devel is gone. It will also block any critical / security
> updates for affected packages, which is certainly not what we want.
>
> So, please, don't remove the openssl1.1-devel package while there are
> still Fedora packages that depend on it. I assume openssl1.1 itself
> will be kept for some time, to provide support for third-party
> applications that require it? So keeping the -devel package around
> does not create any additional work for you, but it will make life for
> maintainers of dependent packages much easier, until they can switch
> their packages to OpenSSL 3.
>
>>> > I don't think that the community really requires support for this package for 7
>>> > years after its upstream sunset.
>>>
>>> OpenSSL 3 was introduced in Fedora 36, that has *just* been released this year.
>>> This is a change proposal for Fedora 37, that is half a year after, not 7 years :/
>>
>>
>> Well, speaking about 7 years, I mean the idea to support the compat package synchronously with RHEL 8.
>> I'd like to retire this package not later than, well, a release after OpenSSL 1.1.1 EOL.
>
> According to the OpenSSL website
> (https://www.openssl.org/policies/releasestrat.html) OpenSSL 1.1.1
> will be supported until 2023-09-11.
> Fedora 37 will be EOL at around 2023-11-14
> (https://fedorapeople.org/groups/schedule/f-39/f-39-key-tasks.html),
> so OpenSSL 1.1.1 will still be officially supported for most of its
> lifecycle - I don't see why it already needs to be removed in Fedora
> 37.
>
> This alignment of EOL dates makes me wonder whether the removal of
> openssl1.1(-devel) should be targeted at Fedora 38 (more than half its
> supported lifetime is after OpenSSL 1.1.1 is EOL) or Fedora 39
> (released after OpenSSL 1.1.1 is EOL) instead, but Fedora 37 seems too
> early for a *removal*, but officially deprecating it in Fedora 37
> sounds very reasonable to me.
>
> Fabio
> _______________________________________________
> devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure