unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / Atom feed
* bug#46602: Removing OpenSSL 1.0
@ 2021-02-17 21:26 Leo Famulari
  2021-02-25 19:01 ` zimoun
  0 siblings, 1 reply; 2+ messages in thread
From: Leo Famulari @ 2021-02-17 21:26 UTC (permalink / raw)
  To: 46602

OpenSSL 1.0 is no longer supported as free software. As research
continues, new bugs are discovered and there are no fixes available.

We should remove it soon. Since Qt 4 depends on it, we can remove them
at the same time [0].

Some packages will probably have to be removed, since they depend on
OpenSSL 1.0 and have not been updated to use more recent versions.

OpenSSL 1.0 is used in the Rust bootstrap, unfortunately, so we will
have to preserve some package of it, but it will be hidden.

Any thoughts?

[0] https://bugs.gnu.org/45704




^ permalink raw reply	[flat|nested] 2+ messages in thread

* bug#46602: Removing OpenSSL 1.0
  2021-02-17 21:26 bug#46602: Removing OpenSSL 1.0 Leo Famulari
@ 2021-02-25 19:01 ` zimoun
  0 siblings, 0 replies; 2+ messages in thread
From: zimoun @ 2021-02-25 19:01 UTC (permalink / raw)
  To: Leo Famulari; +Cc: 46602

Hi Leo,

On Wed, 17 Feb 2021 at 22:43, Leo Famulari <leo@famulari.name> wrote:
>
> OpenSSL 1.0 is no longer supported as free software. As research
> continues, new bugs are discovered and there are no fixes available.
>
> We should remove it soon. Since Qt 4 depends on it, we can remove them
> at the same time [0].
>
> Some packages will probably have to be removed, since they depend on
> OpenSSL 1.0 and have not been updated to use more recent versions.
>
> OpenSSL 1.0 is used in the Rust bootstrap, unfortunately, so we will
> have to preserve some package of it, but it will be hidden.

Well, it needs some care I guess.

$ guix refresh -l openssl@1.0
Building the following 1930 packages would ensure 2048 dependent
packages are rebuilt

On the other hand, grepping for "openssl-1.0" returns:

16 matches
12 files contained matches
1522 files searched

File: distributed.scm
File: networking.scm
File: databases.scm
File: rust.scm
File: web-browsers.scm
File: android.scm
File: web.scm
File: crypto.scm
File: messaging.scm
File: ntp.scm
File: crates-io.scm
File: qt.scm

Therefore, a good start seems to try to build all the 16 packages
depending on openssl@1.0 with openssl@1.1.  And mark them with a
comment if they fail.  But I guess that openssl@1.0 is a strong
requirement for these 16 packages.

For instance, the package psyclpc (gnu packages messaging) could be
removed since it does not build and use openssl@1.0.

Cheers,
simon




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-02-25 19:02 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-17 21:26 bug#46602: Removing OpenSSL 1.0 Leo Famulari
2021-02-25 19:01 ` zimoun

unofficial mirror of bug-guix@gnu.org 

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://yhetil.org/guix-bugs/0 guix-bugs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 guix-bugs guix-bugs/ https://yhetil.org/guix-bugs \
		bug-guix@gnu.org
	public-inbox-index guix-bugs

Example config snippet for mirrors.
Newsgroups are available over NNTP:
	nntp://news.yhetil.org/yhetil.gnu.guix.bugs
	nntp://news.gmane.io/gmane.comp.gnu.guix.bugs


AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git