On 1/19/21 1:18 PM, Daniel Jakots wrote: > On Tue, 19 Jan 2021 10:58:24 -0500, Aisha Tammy > <openbsd.po...@aisha.cc> wrote: > >> On 1/18/21 2:00 PM, Stuart Henderson wrote: >>> On 2021/01/18 13:15, Aisha Tammy wrote: >>>> Hi, >>>> I've attached update for haproxy. >>> >>> Probably best talk to maintainer, some people prefer to keep ports >>> on LTS versions. >>> >> >> I see. I've cc'ed Daniel for their input. > > Yes, please cc maintainers. > > I probably won't have time to look at it before the weekend but here's > a few things. Please don't send just diff but give details about what > you looked at. The committer will need to figure some stuff out, stuff > that you should already have figured yourself. It's helpful to mention > them to avoid duplicate work. > > Here's what I have in mind: can you link the release notes? Bonus point > if you noticed anything worth mentioning. > What have you tested? New Haproxy brings most of the time some libressl > "fun", and iirc they reworked the logging. As a maintainer note, here's > what happens with haproxy users: "few" people try their setups on > -current and whenever there's a new OpenBSD release, a few days after > it people complain stuff is broken :) > > Lastly, why do you want to update to 2.3? Is there any new feature you > need/want? As Stuart mentioned, some people prefer to keep ports on LTS > versions. While I'm not saying it's my case, a compelling reason is > helpful ;) > > > Cheers, > Daniel >
Hi, I've linked the release note highlights of 2.2 https://www.mail-archive.com/haproxy@formilux.org/msg37852.html and the full changelog of 2.3 https://www.haproxy.org/download/2.3/src/CHANGELOG An important highlight (which is why I updated haproxy) was that since 2.2 haproxy now supports keeping the private and public keys in separate files, while previously, they needed to be in the same file. This allows us to directly use the output of acme-client(1) without doing extra scripting. The latest stable is 2.3.4, the latest LTS is 2.2. Both of them have the acme-client compatibility so I am fine with either (though personally I'm partial to 2.3 just cuz its new and shiny). The libressl support seems to be doing fine. I have a test website running behind haproxy which is working (with ocsp as well) https://www.epsilonknot.xyz, so that seems OK. The logging is definitely something I have not looked into a lot so if someone can take a peek at that, that would be nice. Thanks a lot! Best, Aisha
