Please consider removing the mask for dev-libs/openssl-1.1.1b-r2. It seems like it doesn't cause any major breakage any more. More and more packages are migrating to openssl-1.1.1 because it's LTS and 1.1.0 is becoming EOL later this year. I'm running a test on a stable amd64 with openssl-1.1.1 and it seems pretty good, just a few packages are failing, but fixes are mostly available in ~amd64, so it's enough to stabilize newer packages.
Should those 3 packages (rsyslog/mysql/percona-server with ssl support) block this?
Or maybe just add a version constraint for those few packages on <openssl-1.1?
I don't see any reason to rush here as long as openssl-1.1.0 still gets supported which is one year after release of openssl-1.1.1 according to [1] and that was in September 2018. If you really _want_ to use openssl-1.1.1, feel free to unmask it on your systems. I am successfully using it since June 2018 (dev-libs/openssl-1.1.1_pre7) so there should be no big fallout unless you hit these blockers (or find some new issues). What I'd like to see is some rush in fixing the remaining blocker bugs. When you look at [2], we still have quite some fallout with openssl-1.1* so I prefer to not add the remaining 1.1.1 blockers to that list especially because the list is really short. [1]: https://www.openssl.org/blog/blog/2018/05/18/new-lts/ [2]: https://bugs.gentoo.org/670574
I agree, by no means we should rush this. I was just pointing out that since version 1.1.1 seems good enough and only some corner cases are broken (for example broken test suites), it's maybe desirable to have more users test this since it will probably become our next stable version of openssl. I'm not saying to stabilize it, just unleash to ~arch. And nodejs is one of the reasons I started testing this because node 10 is the current LTS and it requires openssl 1.1. Are there any plans to stabilize openssl-1.1.0? If not, it means no recent nodejs will be stabilized until later of this year.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a014f963e8b922f52d964c721c1d70b6a79b962 commit 0a014f963e8b922f52d964c721c1d70b6a79b962 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2019-08-17 20:15:39 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2019-08-17 20:16:52 +0000 package.mask: Unleashed dev-libs/openssl-1.1.1* to ~arch Closes: https://bugs.gentoo.org/683446 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> profiles/package.mask | 4 ---- 1 file changed, 4 deletions(-)
Thanks. Now there are probably other masks pending for this one to be removed as well.
# Craig Andrews <candrews@gentoo.org> (2019-01-01) # Requires dev-libs/openssl-1.1.1, Bug 674148 dev-libs/gost-engine # Hanno Boeck <hanno@gentoo.org (2018-12-23) # Needs new OpenSSL, should be unmasked together with # OpenSSL 1.1.1 >=app-crypt/osslsigncode-2.0
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17965f0a95e26892353c8e8d056c011001b18ba6 commit 17965f0a95e26892353c8e8d056c011001b18ba6 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2019-08-18 13:49:20 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2019-08-18 13:52:49 +0000 profiles: lift dev-libs/gost-engine mask Bug: https://bugs.gentoo.org/674148 Bug: https://bugs.gentoo.org/683446 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> profiles/package.mask | 4 ---- 1 file changed, 4 deletions(-)
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1afc05da424eaf39be4027fd972c7eb470bbfc00 didn't land here.
