Re: 9.0 is getting old...

[Greg Troxel <gdt%lexort.com@localhost>]

Martin Husemann <martin%duskware.de@localhost> writes:

>> Have there been ABI changes?  Is this to deal with those changes, or to
>> force a version with a security fix (i.e., telling people that the choice
>> they made to update isn't ok :-), or ?
>
> This is a classical dilemma - we promise ABI stability, but some parts of
> the base system (like openssl) do not allow for that.
>
> See the 9.4 announcement:
>
> 	https://netbsd.org/releases/formal-9/NetBSD-9.4.html
>
> where a big note says:
>
> 	Important: the version of OpenSSL included with NetBSD
> 	9.x is now unsupported unless a support contract is
> 	purchased from OpenSSL, and cannot be upgraded without
> 	breaking the ABI compatibility we've promised for
> 	the netbsd-9 branch. Users are recommended to update
> 	to NetBSD 10 or use OpenSSL from pkgsrc.
>
> We can not update OpenSSL on the branch (breaks ABI compatibility big
> time) and we can not provide security fixes for the old openssl branch.

So it's not really a dilemma, technically.  We have sorted ABI compat
higher, and I think that's the right call.

(10 should have been released 2 years ago, and 11 just now, and if so 9
would be fomrally irrelevant.)

> For pkgsrc users there is an easy way out: set PREFER_PKGSRC.openssl to
> yes and rebuild all of your pkgs.
>
> But for users of binary pkgs there currently is no choice.
> Either switching the official pkgs over, or providing a second set would
> be usefull (alone from the openssl PoV).

A second set is madness.  We do not even have the resources to do what
we need to do in the first place.

See my other note; this is really about "should pkgsrc consider openssl
< 3 to be usable, or should it not", across all platforms.