From: Bernard Spil
To: Mathieu Arnold
Cc: freebsd-ports@freebsd.org
Date: Wed, 21 Mar 2018 19:09:16 +0100
Subject: Re: Intent to update security/openssl-devel to 1.1.1

On 2018-03-21 17:53, Mathieu Arnold wrote:
> On Wed, Mar 21, 2018 at 04:55:59PM +0100, Bernard Spil wrote:
>> I'm open to suggestions on keeping both version 1.1.0 and 1.1.1 in the
>> tree,
>
> Well, there is a -devel port to keep the development version of OpenSSL,
> no need to have more than one development version.

The -devel port hasn't been a -devel version since August 2017 with r420878. Should I have put it up for reconsidering different naming back then?

> At one point, someone will work on updating the non -devel port to the
> 1.1 branch, but nobody has worked on that yet.

Do you agree that we should create a security/openssl11 port so that users can switch to that version if they wish? That would allow me to update -devel to 1.1.1.p3 outright. More and more I feel like I'm depriving early adopters of the ability to use TLSv1.3.

Myself, I consider 1.1.0 a kind-of -devel version for lack of support in other ports. Analogous to OpenSSL 1.0.0 which hasn't seen widespread use either. 1.1.1 brings additional features, primarily TLSv1.3, that make it a target to be really used by e.g. web-servers.

In the background I have been working on updating security/openssl to 1.1 branch, but little of that has been visible.
Amongst others I've revisited the ports marked BROKEN with 1.1. The fall-out is still too large to make this viable at this moment.

Blocking in my opinion:
- Qt4 & Qt5 (network)
- MIT krb5
- net-snmp
- MySQL

Currently blocking but fixable by switching versions
- Erlang 19 -> 20
- ...

Fall-out can be seen on my poudriere bulk-builder (with thanks to Warwick Uni for letting me use it)
https://keg.brnrd.eu/

Status for 1.1(.0) branch visible here
https://wiki.freebsd.org/OpenSSL/1.1.0

Bernard.