Am 24.06.22 um 11:27 schrieb Florian Weimer:
* Felix Schwarz:
> Are these Python 2.7 dependencies only used at build time? In that
> case Fedora could maybe announce that openssl1.1 might not get the
> full security suport so the burden for openssl1.1 packagers is lower
> without removing the functionality?
I'm pretty sure it's used for Python's own HTTPS implementation, among
other things, so it's not really an optional feature (although Python
can be built without it, I believe).
What I meant is: Is Python 2.7 only used as a build dependency? If so, I think
we might be able to state that Python 2.7 + openssl might get reduced security
support. At build time we don't have any network access anyway.
I guess it is clear that removing openssl1.1 is not really feasible unless we
remove Python 2.7.
Felix