[Buildroot] [PATCH 1/1] package/python3: drop libressl support
Arnout Vandecappelle
arnout at mind.be
Wed Apr 27 15:41:53 UTC 2022
On 27/04/2022 10:42, James Hilliard wrote:
> On Wed, Apr 27, 2022 at 2:31 AM Thomas Petazzoni
> <thomas.petazzoni at bootlin.com> wrote:
>>
>> Hello James,
>>
>> On Tue, 26 Apr 2022 21:50:39 -0600
>> James Hilliard <james.hilliard1 at gmail.com> wrote:
>>
>>> Libressl is no longer supported as of python 3.10.
>>>
>>> See: https://peps.python.org/pep-0644/#libressl
>>>
>>> Fixes:
>>> - http://autobuild.buildroot.net/results/a16/a160cfdc9dfc036c4dc41af1c796f8838d91c573
>>>
>>> Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
>>
>> Thanks for your patch. I think it raises one question: is libressl
>> still relevant? Should we still support it?
>
> Well it's still actively maintained at least.
>
>>
>> My understanding was that it is not really a successful fork, and in
>> the end, openssl has mostly caught up and remains the de-facto standard
>> implementation. See https://lwn.net/Articles/841664/.
>
> We do support a number of other rather uncommon ssl implementations
> in general, and at least it's easy enough to disable for unsupported
> configurations.
>
>>
>> I don't have a very well-informed opinion, but perhaps we should think
>> about this?
>
> Yeah, not really sure, it may be useful to keep around, I think it has an
> alternative updated API to openssl's updated API that may be desirable
> for some use cases, although probably not the most commonly used.
At that point, however, having libressl as a virtual package alternative for
openssl becomes less and less realistic. Virtual packages should only be used if
the alternatives can be considered drop-in replacements with compatible API. A
few exceptions are acceptable, but it's becoming too much.
We should also start thinking what to do with openssl 3. It has an API that is
somewhat compatible with openssl 1.1.1, but there are almost no packages that
can use it without any changes. This could actually be an opportunity to get
aout of this mess: most packages that are not compatible with libressl are
probably already compatible with openssl 3. So if we introduce an openssl3
package, we can migrate the packages that don't like libressl to that, and leave
the choice between openssl 1.1.1 and libressl for legacy and BSD packages.
Regards,
Arnout
More information about the buildroot
mailing list