[MacPorts] #55264: libressl @2.5.5: update to 2.6.4
MacPorts
noreply at macports.org
Mon Apr 23 15:22:35 UTC 2018
#55264: libressl @2.5.5: update to 2.6.4
-----------------------+----------------------
Reporter: l2dy | Owner: jeremyhu
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: libressl |
-----------------------+----------------------
Comment (by jeremyhu):
Replying to [comment:10 janstary]:
> If we do upgrade, the dependent ports need to be rebuilt, obviously.
> But that's imho a very weak reason not to upgrade. There are ports
> that can drop their OpenSSl/LibreSSL patch now. Isn't that the issue we
have with LibreSSL in general?
No, I don't think anyone feels that patching is a problem. The problem is
that Libressl and OpenSSL are ABI incompatible (heck, OpenSSL is not ABI
compatible with OpenSSL and ditto for Libressl with itself), and we don't
have a good solution in place for installing multiple versions. Combined
with deep dependencies that make rev-upgrade impossible to solve, this
makes changing the ABIs quite problematic.
>
> The fact that we have not yet figured out the right way for OpenSSL,
LibreSSL, WolfSSL etc to coexist
> in general is not a reason to not upgrade: we are no worse off in that
regard with 2.7.2 than 2.5.5
> (or any other version of any of the others, for that matter).
Correct, we're no worse off with 2.7.2 vs 2.5.5 aside from the fact that
everyone using it will go through tremendous pain trying to rev-upgrade.
That's what I want to avoid. I want to make everyone go through that pain
just one more time (when we fix #54744).
> As for the libressl and libressl-devel: LibreSSL itself makes no
distinction between a "stable release"
> or a "devel releaae". That's entirely ours (i.e. Jeremy's :-).
That's not entirely true (as pointed out above). However, one of the
major reasons for the -devel port has more or less gone away. For the
first few years of its life, Libressl was dropping more and more legacy
APIs between releases, so it made sense to test that out in -devel to
ensure no major problems and address them before moving to the stable
port..
> I undrstand the desire to have the "bleeding edge" separated,
> so that you can install either the latest or the previous (typically).
But our libressl is 2.5.5 and our libressl-devel is 2.6.2;
> that is, they are both behind.
Yes, because those were the versions in place when #54744 was brought up,
so we decided to leave them there while someone worked on a solution to
that problem. However, nobody has solved that yet, and I haven't had any
time to devote to it either =/.
Replying to [comment:14 janstary]:
> OK, do we agree that figuring out https://trac.macports.org/ticket/54744
> is not a prerequisity for bumping libressl?
>
> If so, can we upgrade to 2.7.2 please?
I'm happy to bump libressl-devel since more people opt into the rev-
upgrade pain in using the -devel port.
> Thanks for the stable/devel correction.
> According to the homepage, 2.7.2 is the "stable" one now,
> meaning "what is in the latest OpenBSD release"; there is no "devel"
release.
> Would it make more sense then to upgrade libressl (as opposed to
libressl-devel)?
No, because I want to avoid inflicting rev-upgrade pain on users of the
libressl port.
> Staying with 2.5.5 < 2.7.2, we are really missing out.
I agree, and hopefully that encourages some folks to take a look at
#54744, so we can install these ports in parallel and configure which
libssl is used on a per-port basis.
--
Ticket URL: <https://trac.macports.org/ticket/55264#comment:15>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list