On 08/02/18 19:45, Thiago Macieira wrote:
> Only for 5.11 onward, so shouldn't affect the 5.6 and 5.9 LTS (which don't 
> have OpenSSL 1.1 support anyway) or any 5.10.x releases still to come.
> 
> As a bonus side-effect, users who hadn't realised they have an old, not-up-to-
> date OpenSSL will have to fix the issue.

However there's many users that *do* have realized that but are waiting
on a new release of a distribution. I'm specifically looking at Ubuntu
16.04 LTS [1].

Ubuntu 18.04 LTS will have OpenSSL 1.1 [2] (it literally landed a few
days ago [3]) but the first recommended upgrade for LTS users is 18.04.1
[4], which will came in Q3 with any luck (no data available yet, basing
the estimate on 16.04.1 [5]).

Centos 7 / RHEL 7 also have 1.0.2 [6].

OpenSUSE Leap 42.3 also has 1.0.2 [7].


Which made me think, are we even testing OpenSSL 1.1 in our CI? So I
took this run on dev from a few days ago:

> https://testresults.qt.io/coin/integration/qt/qtbase/tasks/1518126028

According to the logs, not a single configuration is building and
testing the OpenSSL 1.1 support.


In the light of everything above, I'm against this change for 5.11. The
earliest acceptable would be 5.12, after announcing it in 5.11, and
after adding significant coverage for it to the CI.


My 2 cents,





> [1] https://packages.ubuntu.com/xenial/openssl

> [2] https://packages.ubuntu.com/bionic/openssl

> [3] 
> http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.1.0g-2ubuntu1/changelog

> [4] https://help.ubuntu.com/lts/serverguide/installing-upgrading.html

> [5] https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule

> [6] https://git.centos.org/summary/?r=rpms/openssl.git

> [7] https://software.opensuse.org/package/openssl



-- 
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Development mailing list
Development@qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Reply via email to