* Alasdair Lumsden <[email protected]> [2011-09-03 22:56]: > There are two realistic options, and one unrealistic idealistic option: > > 1. Don't bother upgrading to OpenSSL 0.9.8, worry about it another day > > 2. Do the upgrade, but also ship an openssl 0.9.8 compatibility > package and make the new one depend on it - this lets old software > continue to run whilst recompiles pick up the new OpenSSL. Slowly > transition to OpenSSL 1.0.0. > > I've made such a package by pkgrecv'ing openssl 0.9.8, hacking out > everything except the libraries and republishing it locally as > library/security/openssl/compatibility/0.9.8 - works fine. > > 3. Do the upgrade. Rebuild everything against OpenSSL 1.0.0, and > release rebuilt software with the openssl 1.0.0 upgrade, in one > simultaneous release. > > Obviously 3 has ramifications beyond the base system, because any > third party software that depends on OpenSSL 0.9.8 will break. This > is why having a compatibility package is probably necessary > regardless.
IMO we should go with the second option for now since it will make the transition for consolidation builders easier and also addresses the issue of third party packackes. Once the build systems of all consolidations are integrated option 3 (+ compatibility package) should be unproblematic. -- Guido Berhoerster _______________________________________________ oi-dev mailing list [email protected] http://openindiana.org/mailman/listinfo/oi-dev
