Hi Jonathan, > On 19. Jul 2024, at 18:13, Jonathan Wakely <jwakely@xxxxxxxxxx> wrote: > > It's possible to find all packages in F40 (before openssl-devel-engine > was introduced) that depend on the ENGINE_cleanup symbol (or some > other symbol if there's a better one to check for), which will tell us > all the packages that were affected by this change. Then bugs can be > filed and each package can decide whether to add BuildRequires: > openssl-devel-engine to its spec or not. Once that's step is done, all > existing packages will be correct: they either don't use engines, > because they never needed them, or they opt-in to using them. Then > there will be no silent failures. Anything that isn't using them is > doing so intentionally, so not a "failure". > > For new packages that want to use engines, presumably somebody will > check that engine support is enabled when testing the functionality of > the new package. If they mess that up, that's a packaging bug and can > be fixed. > > So I really do think the way to fix this is to default to > OPENSSL_NO_ENGINE and simultaneously file bugs for all packages using > ENGINE_cleanup and tell them to decide whether to BuildRequires: > openssl-devel-engine. Correct, I just didn’t have the time to work on this yet. See https://bugzilla.redhat.com/show_bug.cgi?id=2296114 for some progress towards this. If anybody has automated tooling to mass-file Fedora tickets that I could re-use, pointers very welcome. -- Clemens Lang RHEL Crypto Team Red Hat -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
