On Fri, Jun 24, 2022 at 11:13:13AM +0200, Dmitry Belyavskiy wrote:
> On Wed, Jun 22, 2022 at 11:02 PM Miro Hrončok <mhroncok@redhat.com> wrote:
>
> > On 22. 06. 22 21:05, Vipul Siddharth wrote:
> > > We are going to deprecate openssl1.1 package, stop shipping the
> > > corresponding devel package, and stop respecting crypto policies in
> > > openssl1.1 package itself.
> >
> > +1 to deprecating it
> >
>
> Great!
>
> -1 to stop shipping the devel package, this would mean we cannot build at
> > least:
> >
> > - Python 2.7
> >    despite our long term efforts, many things still need that, e.g. gimp,
> > firefox (some builds do, then some don't), thunderbird etc., see
> > https://fedora.portingdb.xyz/
> >
> > Or Python 3.6 (shipped for developers targeting RHEL 7/8).
> >
> > As long as OpenSSL 1.1 gets security fixes in RHEL 8, could we please
> > leave the
> > devel package?
> >
>
> I'm not sure that if we don't remove the devel package, we will provide
> strong enough motivation to get rid of the deprecating packages.

If the openssl maintainers really strongly want to remove the
devel pacakge, then don't call this deprecation because that
is misleading. Call this purging openssl1.1 from the entire
distro, such that it can only be used by 3rd party apps who
have previously compiled against older Fedora openssl-devel.
Be open about fact that this will cause FTBFS for any Fedora
packages that stil uses openssl1 and their removal from the
distro if they can't port to openssl3 very quickly.