nia <nia%NetBSD.org@localhost> writes: > There are likely problems mixing different OpenSSL shared object > versions in pkgsrc, no? If you mean openssl 1.1.1 in base, and (eventually) 3 in pkgsrc, with /usr/lib/libopenssl.so.[1.1.1-version] /usr/pkg/lib/libopenssl.so.[3-version] and things in base linked with base, things in pkgsrc linked with pkgsrc, and some mess with both in the same binary, then agreed that this is going to be not good, but maybe not super terrible in practice. > If NetBSD 10 is to have OpenSSL 1.1 I think it's critical we > establish a flow for maintaining it in the long term (whether > it's by pulling patches from Red Hat, etc), so it doesn't rot > like netbsd-8. Agreed. I think we're headed for openssl 3 being security/openssl3 and some way to select 1.1.1 vs 3 (globally for pkgsrc), with builtin processing to use base isntead for both cases, and choosing pkgsrc different from base not really being supported, but non-gross patches that don't break other cases welcome. That leaves the "who is going to patch 1.1.1 after openssl project stops" open, but I think ti's the usual "people who care, grabbing patches from other places that care" and we'll muddle through. Does that sound reasonable to you? To others?
Attachment:
signature.asc
Description: PGP signature