[Buildroot] [PATCH 1/1] package/python3: drop libressl support

Arnout Vandecappelle arnout at mind.be
Wed Apr 27 15:41:53 UTC 2022



On 27/04/2022 10:42, James Hilliard wrote:
> On Wed, Apr 27, 2022 at 2:31 AM Thomas Petazzoni
> <thomas.petazzoni at bootlin.com> wrote:
>>
>> Hello James,
>>
>> On Tue, 26 Apr 2022 21:50:39 -0600
>> James Hilliard <james.hilliard1 at gmail.com> wrote:
>>
>>> Libressl is no longer supported as of python 3.10.
>>>
>>> See: https://peps.python.org/pep-0644/#libressl
>>>
>>> Fixes:
>>>   - http://autobuild.buildroot.net/results/a16/a160cfdc9dfc036c4dc41af1c796f8838d91c573
>>>
>>> Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
>>
>> Thanks for your patch. I think it raises one question: is libressl
>> still relevant? Should we still support it?
> 
> Well it's still actively maintained at least.
> 
>>
>> My understanding was that it is not really a successful fork, and in
>> the end, openssl has mostly caught up and remains the de-facto standard
>> implementation. See https://lwn.net/Articles/841664/.
> 
> We do support a number of other rather uncommon ssl implementations
> in general, and at least it's easy enough to disable for unsupported
> configurations.
> 
>>
>> I don't have a very well-informed opinion, but perhaps we should think
>> about this?
> 
> Yeah, not really sure, it may be useful to keep around, I think it has an
> alternative updated API to openssl's updated API that may be desirable
> for some use cases, although probably not the most commonly used.

  At that point, however, having libressl as a virtual package alternative for 
openssl becomes less and less realistic. Virtual packages should only be used if 
the alternatives can be considered drop-in replacements with compatible API. A 
few exceptions are acceptable, but it's becoming too much.

  We should also start thinking about what to do with openssl 3. It has an API that is 
somewhat compatible with openssl 1.1.1, but there are almost no packages that 
can use it without any changes. This could actually be an opportunity to get 
out of this mess: most packages that are not compatible with libressl are 
probably already compatible with openssl 3. So if we introduce an openssl3 
package, we can migrate the packages that don't like libressl to that, and leave 
the choice between openssl 1.1.1 and libressl for legacy and BSD packages.

  Regards,
  Arnout



