Re: F41 Change Proposal: Disable openSSL Engine Support (system-wide)

On Wed, Mar 20, 2024 at 11:24 AM Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:
>
> On Wed, Mar 20, 2024 at 03:27:34PM +0100, Petr Pisar wrote:
> > On Wed, Mar 20, 2024 at 02:05:52PM +0000, Daniel P. Berrangé wrote:
> > > Consider you've built your own app on Fedora 39 that uses these
> > > symbols, and now upgrade to F40. RPM will consider the dependency
> > > still satisfied, as the SONAME hasn't changed on libcrypto. The
> > > app throws linker errors at some point due to the missing symbols.
> > >
> > > Another alternative is to continue providing fully functional engine
> > > symbols, but remove the header files so in practice you can't compile
> > > something new that uses it. This is still forking the API, but at least
> > > has not forked the ELF ABI, so the upgrade doesn't explode.
> > >
> > Another option is to remove the symbols, change soname, and rebuild reverse
> > dependencies.
>
> Changing soname is something I don't think distros should ever do. ELF
> soname designation belongs to the upstream project maintainers.
>

I agree with this. It was a royal pain to get us to stop doing that
with OpenSSL 1.1, I don't want to go back to having to field bug
reports about broken OpenSSL sonames again.

While it is technically out of scope to discuss CentOS Stream 10 here,
I am not sure it is wise to drop the engines API there either. It will
result in tremendous problems for consumers and while deprecated,
OpenSSL 4.0 (which removes deprecated APIs) has no currently planned
release date: https://github.com/openssl/openssl/milestone/24

Even if we're being generous and saying it'll arrive in 3 years,
that's still far enough away that we're talking about Fedora 46 (!!)
and RHEL 11.

The amount of damage and breakage for third-parties by disabling
engine support is unconscionable, in my opinion.

From the Fedora perspective, I just see no reason to do this anytime soon.




--
真実はいつも一つ!/ Always, there's only one truth!