On Mon, Jun 20, 2022 at 12:17:38AM +0200, Andreas Enge wrote:
> Hello,
> 
> Am Fri, Apr 01, 2022 at 10:41:11AM +0200 schrieb Ludovic Courtès:
> > At first sight, it looks like an easy-to-maintain package: no
> > dependencies, few users, stable API.
> > 
> > I tried to update it to 3.5.1 and was proved wrong though: there’s one
> > test failure in ‘tests/asn1object’ and the Internet doesn’t seem to know
> > how to address the problem.  So it would need a bit more work.
> > 
> > I’d lean towards keeping it and doing that extra work, collectively, but
> > I understand this very discussion shows that it’s debatable.
> 
> at some point in time, my understanding was that we would switch everything
> to libressl and drop openssl. I have not followed, but from
>    https://lwn.net/Articles/841664/
> it looks as if the problems with openssl are more or less solved, at least
> they are not worse than in libressl.
> 
> So an option would be to try to switch the existing dependencies to openssl
> and decide from there.
> 
> What do you think?

I thought I had updated it last month but it turns out I never actually
did. My daughter and I looked at fixing acme-client before the staging
merge before we saw it was abandoned, I guess that's when I thought I
updated libressl. I'd be more interested in trying to use openssl-3 than
trying to pull along libressl.

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted