[oi-dev] openssl and gmake REQUIRED_PACKAGES
Tim Mooney
Tim.Mooney at ndsu.edu
Mon Feb 22 21:05:10 UTC 2021
In regard to: [oi-dev] openssl and gmake REQUIRED_PACKAGES, stes at PANDORA.BE...:
There's one specific part of this I want to comment upon:
> How were the upgrades of openssl done in the past ?
>
> Isn't the easiest way to use the old strategy from the past to upgrade openssl,
> and then (without mediator I suppose) upgrade all packages to the new openssl ?
No, the new strategy is (in my opinion) a huge improvement over the old
strategy.
Because of the huge list of packages that depend upon openssl, in the
past when there was a breaking ABI change in openssl, the only way to
upgrade was to undertake a massive effort to upgrade openssl + all
dependencies at once. It was a huge barrier for all but the most
experienced packagers. I looked at updating openssl last year and once
I saw what was involved, I gave up and went on to other tasks.
With the new mediator-based approach, it's much easier to upgrade
dependencies in smaller chunks. It also puts us in a better place for
when OpenSSL 3.0 is released, as packages can be migrated to that slowly
over time while both 1.1.x and 3.0.x are supported.
I hope that a few other libraries with huge dependencies (I'm looking at
you, library/icu) can eventually be converted to the mediator approach.
It makes it possible to move dependencies to a new version in phases,
rather than having to do it all at once.
I'm very thankful that Aurélien made this improvement to our
openssl package.
Tim
--
Tim Mooney Tim.Mooney at ndsu.edu
Enterprise Computing & Infrastructure /
Division of Information Technology / 701-231-1076 (Voice)
North Dakota State University, Fargo, ND 58105-5164
More information about the oi-dev
mailing list