GNU bug report logs - #49859
Remove packages that depend on unsupported old OpenSSL releases

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 4 Aug 2021 01:10:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: Efraim Flashner <efraim <at> flashner.co.il>
Cc: Julien Lepiller <julien <at> lepiller.eu>, 49859 <at> debbugs.gnu.org, Leo Famulari <leo <at> famulari.name>
Subject: [bug#49859] Remove packages that depend on unsupported old OpenSSL releases
Date: Wed, 11 Aug 2021 16:08:21 +0200

Hi,

Efraim Flashner <efraim <at> flashner.co.il> skribis:

> I'm in favor of moving openssl-1.0 to guix-past, it's the perfect type
> of package to go there. Upstream has declared it dead and no one is
> going to touch it. Similar to how qt-4 moved there a few months ago.

Agreed. However…

> ADB and fastboot are still useful, and (ignoring some networking options
> they apparently have) are localhost only. I'd rather leave them both for
> now with an eye to shoehorning in an updated version somehow, hiding
> openssl-1.0, and adding a note to remove it as soon as nothing needs it
> anymore.

… this means we need to keep openssl 1.0, hidden, in Guix proper.  That
sounds like a reasonable option to me.  Leo’s approach of progressively
removing anything that depends on it sounds good to me nevertheless, but
it’s good that we can weigh the pros and cons for each candidate.

Julien said upgrading ADB/fastboot is not an option, at least not now.

Another option would be to patch ADB so it can use OpenSSL 1.1.
Hopefully the changes can be relatively simple and isolated.  Worth
trying?

Ludo’.
This bug report was last modified 3 years and 281 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.