[oi-dev] OpenSSL 1.0.0 replacing 0.9.8 in userland-gate = massive headache

Josef 'Jeff' Sipek jeffpc at josefsipek.net
Sat Sep 3 22:58:07 UTC 2011

On Sat, Sep 03, 2011 at 09:56:12PM +0100, Alasdair Lumsden wrote:
> Hi All,
> In Oracle's official userland-gate, they have replaced OpenSSL 0.9.8
> with 1.0.0. This has massive ramifications, because everything
> linked against OpenSSL 0.9.8 breaks as soon as
> library/security/openssl gets upgraded, including pkg, which is all
> kinds of fun.

Hrm.  How is Oracle dealing with it?  As you pointed out yourself,
rebuilding everything one ships is easy...it's the binaries out there that
expect the older version to exist.

I suppose it all depends on when the upstream (openssl in this case) makes
the new (major) release.  I'm thinking that...

- stable should ignore it
- experimental should do this compat idea

Since dev is supposed to be an experimental snapshot, it'll inherit whatever
was in experimental at the time.

> 2. Do the upgrade, but also ship an openssl 0.9.8 compatibility
> package and make the new one depend on it - this lets old software
> continue to run whilst recompiles pick up the new OpenSSL. Slowly
> transition to OpenSSL 1.0.0.

I'm thinking this is the best way forward.  I would also suggest that we
decide how long those packages exist because keeping them around adds
additional work that someone has to do.  If that particular dev build turns
into stable, then it should stay there for a long while.  At the same time
experimental can "safely" rip it out after "enough time" elapses.

> library/security/openssl/compatibility/0.9.8

Sounds good.


I have always wished for my computer to be as easy to use as my telephone;
my wish has come true because I can no longer figure out how to use my
		- Bjarne Stroustrup
