[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#46602: Removing OpenSSL 1.0
From: |
zimoun |
Subject: |
bug#46602: Removing OpenSSL 1.0 |
Date: |
Thu, 25 Feb 2021 20:01:22 +0100 |
Hi Leo,
On Wed, 17 Feb 2021 at 22:43, Leo Famulari <leo@famulari.name> wrote:
>
> OpenSSL 1.0 is no longer supported as free software. As research
> continues, new bugs are discovered and there are no fixes available.
>
> We should remove it soon. Since Qt 4 depends on it, we can remove them
> at the same time [0].
>
> Some packages will probably have to be removed, since they depend on
> OpenSSL 1.0 and have not been updated to use more recent versions.
>
> OpenSSL 1.0 is used in the Rust bootstrap, unfortunately, so we will
> have to preserve some package of it, but it will be hidden.
Well, it needs some care I guess.
$ guix refresh -l openssl@1.0
Building the following 1930 packages would ensure 2048 dependent
packages are rebuilt
On the other hand, grepping for "openssl-1.0" returns:
16 matches
12 files contained matches
1522 files searched
File: distributed.scm
File: networking.scm
File: databases.scm
File: rust.scm
File: web-browsers.scm
File: android.scm
File: web.scm
File: crypto.scm
File: messaging.scm
File: ntp.scm
File: crates-io.scm
File: qt.scm
Therefore, a good start seems to try to build all the 16 packages
depending on openssl@1.0 with openssl@1.1. And mark them with a
comment if they fail. But I guess that openssl@1.0 is a strong
requirement for these 16 packages.
For instance, the package psyclpc (gnu packages messaging) could be
removed since it does not build and use openssl@1.0.
Cheers,
simon