On 2026-02-07 12:28 PM, Dmitry Belyavskiy wrote:
> As the OpenSSL maintainer, I don't see any problems with this.

I'm not saying the sky is falling. The problems are not severe. But I
think the purpose of our release cadence is to minimize the friction
between upstream projects' releases and the developers and other users
of their software. OpenSSL 3.3 and 3.4 were feature releases, and we
never shipped them. Developers who wanted access to the features
introduced in those releases did not get them.
The purpose of a distribution is to distribute software. It is a service
to upstream projects, as well as to users of the distro. When we don't
distribute software, we're not serving the interests of upstream projects.

> 3.2 was a good release, and all Moderate+ CVE fixes were backported to
> Fedora 42.
> Fedora 43/44 will have OpenSSL 3.5, and Fedora 445 I think will have
> OpenSSL 4 which will not be LTS at all.

Yes, that's what I'm getting at. 3.2 was not an LTS release, and because
we didn't rebase OpenSSL in Fedora, we had to backport fixes instead of
merely shipping the patch release that the upstream project provided.
We have tools to automate a lot of the work we do. If we adopted
workflows that made better use of the automation, I think the project
would be more sustainable.