On 24. 06. 22 11:23, Dmitry Belyavskiy wrote:
>
>
> On Fri, Jun 24, 2022 at 11:20 AM Daniel P. Berrangé <berrange(a)redhat.com
> <mailto:berrange@redhat.com>> wrote:
>
> On Fri, Jun 24, 2022 at 11:13:13AM +0200, Dmitry Belyavskiy wrote:
> > On Wed, Jun 22, 2022 at 11:02 PM Miro Hrončok <mhroncok(a)redhat.com
> <mailto:mhroncok@redhat.com>> wrote:
> >
> > > On 22. 06. 22 21:05, Vipul Siddharth wrote:
> > > > We are going to deprecate openssl1.1 package, stop shipping the
> > > > corresponding devel package, and stop respecting crypto policies
in
> > > > openssl1.1 package itself.
> > >
> > > +1 to deprecating it
> > >
> >
> > Great!
> >
> > -1 to stop shipping the devel package, this would mean we cannot build at
> > > least:
> > >
> > > - Python 2.7
> > > despite our long term efforts, many things still need that, e.g.
gimp,
> > > firefox (some builds do, then some don't), thunderbird etc., see
> > >
https://fedora.portingdb.xyz/ <
https://fedora.portingdb.xyz/>
> > >
> > > Or Python 3.6 (shipped for developers targeting RHEL 7/8).
> > >
> > > As long as OpenSSL 1.1 gets security fixes in RHEL 8, could we
please
> > > leave the
> > > devel package?
> > >
> >
> > I'm not sure that if we don't remove the devel package, we will
provide
> > strong enough motivation to get rid of the deprecating packages.
>
> If the openssl maintainers really strongly want to remove the
> devel pacakge, then don't call this deprecation because that
> is misleading. Call this purging openssl1.1 from the entire
> distro, such that it can only be used by 3rd party apps who
> have previously compiled against older Fedora openssl-devel.
> Be open about fact that this will cause FTBFS for any Fedora
> packages that stil uses openssl1 and their removal from the
> distro if they can't port to openssl3 very quickly.
>
> Do I correctly understand that the situation with Python is the most problematic?
> Are we able to solve it somehow?
>
> What I'm afraid of is that if we just declare the deprecation, we will stay
> with this package forever.
Not forever, just until Python 2.7 is removed :D
Seriously thou, my proposal is:
- deprecate it now
- announce it goes away when RHEL 8 maintenance support ends
Following the guidelines for deprecated packages:
https://docs.fedoraproject.org/en-US/packaging-guidelines/deprecating-pac...
# This is when RHEL 8 maintenance support is expected to end
#
https://access.redhat.com/support/policy/updates/errata
# The life-cycle time spans and dates are subject to adjustment
Provides: deprecated() = 20290531
You are going to support OpenSSL 1.1 in RHEL 8 until that day anyway.
This is also when we plan to remove Python 3.6:
https://lists.fedoraproject.org/archives/list/python-devel@lists.fedorapr...
And if Python 2.7 isn't removed by then, we can rip it out together with
OpenSSL 1.1 in Fedora 50.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure