So I presume then that python2.7 in Debian works flawlessly with OpenSSL 3.0.0, no regressions, no security issues and no ABI problems, right?

On Thu, Jun 30, 2022 at 5:13 PM Robbie Harwood <rharwood@xxxxxxxxxx> wrote:
Charalampos Stratakis <cstratak@xxxxxxxxxx> writes:
> Unfortunately that effort is moot, it's really not possible to make
> python2.7 compatible with OpenSSL 3.0.0, I mean even the latest Python
> versions are not 100% compatible for various reasons.
>
> In trying to make it compatible there are also ABI changes introduced,
> it's not only about having the tests pass. The ssl module is already
> complex enough in backporting changes from the master Python branch to
> previous 3.x versions, doing that for 2.7 without a full-fledged
> effort from SSL and the Python C API experts guarantees there's gonna
> be regressions. And that's not even taking into account the security
> implications of randomly cherry-picking commits just to have the
> package compile.
I'm having trouble understanding this because Debian seems to have
carried out what you're saying is impossible: in testing, they ship a
python2.7 that appears to be using openssl 3, and do not ship openssl
1.1 at all. There are also a handful of clearly openssl 3-related
patches in their tree
https://salsa.debian.org/cpython-team/python2/-/tree/master/debian/patches
Have folks looked at how they do this, and whether we could adapt it to
Fedora?
Be well,
--Robbie
--
Regards,
Charalampos Stratakis
Senior Software Engineer
Python Maintenance Team, Red Hat