On 29. 6. 25 09:41, Branko Čibej wrote:
On 27. 6. 25 11:42, Daniel Sahlberg wrote:
Hi,
I'm very happy to see the rekindled interest in Serf development and the
recent work by Brane on the user-defined-authn branch and by Graham
on the
OpenSSL "certificate by URI" PR. I'm planning on reviewing those things
during the weekend. When these are merged (and it doesn't only depend on
me, it is of course a team effort reviewing and merging!) we should
start
thinking about a new release.
I don't think it makes sense to backport to 1.3 - they would add new
APIs
that require a version bump.
The existing 1.4.x branch was created in 2018 and received a few
backports
the same year but it lacks significant work from trunk, for example
Evgeny's OpenSSL3 work in 2022 that led up to the release of 1.3.10.
I'm proposing to drop the current 1.4.x branch and create a new one
based
on trunk. Alternative option to drop 1.4.x completely and instead
name the
new release 1.5.
I'm inclined towards calling the next release 1.5 and retiring 1.4.x.
There are so many changes on trunk that have not been backported that
it would amount to the same thing -- a wholesale merge from trunk.
Gathering all the backport proposals into STATUS and then voting on
each one would take longer than validating that trunk is stable.
I've been testing serf-trunk with subversion-trunk and all seems fine.
There are new features that Subversion doesn't use (specifically, the
OCSP stuff for validating certificates -- but, AFAIK, that's still
live somewhere else). Whether or not they pick this up is really not a
question we have to solve before releasing.
I take that back. I just tried a checkout of the Subversion repo with
serf-trunk via HTTPS. Crashes in SSL_CTX_new(), with OpenSSL 3.5.0,
works fine over HTTP. This is not cool. I hope I didn't introduce a fine
bug with some of my recent changes.
Ah well. This all goes towards stabilising trunk.
-- Brane
