Re: [LEDE-DEV] Fading out PolarSSL
On Tue, 2017-01-03 at 17:32 +0100, Steven Barth wrote: > Hey everyone, > > > > > Currently known remaining users of polarssl are: > > > > * bmx7 > > * pianod > > * shadowsocks-libev-polarssl > > * shairport-sync-mini > > * shairport-sync-polarssl > > * transmission-cli-polarssl > > * transmission-daemon-polarssl > > * transmission-remote-polarssl > > * umurmur-polarssl > > > > > > Please provide feedback on which approach you'd prefer and if you'd be > > affected by the PolarSSL deprecation or not. > I think for all but the first two from this list, there is a > non-polarssl version already packaged. > Which would mainly leave bmx7 and pianod as main concerns. I think the > former used to work with cyassl > at some point in time and the latter should work with gnutls. Both of > which we have, so it might just > be a minor change to the packaging Makefiles. > > So from my point of view dropping libpolarssl now (with a bit of upfront > notice to the maintainers) > makes more sense than trying to drop a package later which is a bit of > unexpected and am not sure if > it can be effectively announced in a service release and just delays the > inevitable. > > > Cheers, > > Steven > > ___ > lede-adm mailing list > lede-...@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/lede-adm Drop it now. Speaking for pianod and shairport-sync... I have already updated pianod (which I still develop) to use mbed TLS and I am currently working with the shairport- sync developer to replace PolarSSL with mbed TLS this weekend. /ted ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] Fading out PolarSSL
Hi, I'm in favor of dropping it, don't see anything good in keeping outdated and unsupported libraries. As far as package status goes... shadowsocks-libev --> https://github.com/openwrt/packages/pull/3729 + https://github.com/lede-project/source/pull/657 pianod + shairport-sync* --> https://github.com/openwrt/packages/issues/3733 transmission* --> https://github.com/openwrt/packages/issues/3731 umurmur --> doesn't compile, pr submitted upstream Best regards, Daniel ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
Re: [LEDE-DEV] Fading out PolarSSL
Jo-Philipp Wichwrites: > Hi list, > > the mbed TLS project (formerly known as PolarSSL) declared the mbedTLS > 1.3 branch (packaged as "libpolarssl" by LEDE) to be EOL with the end of > the year 2016. [1] > > In order to avoid shipping an outdated and possibly vulnerable SSL > library with the first LEDE release we begun migrating core package > dependencies and default library choices to the "mbedtls" package which > includes the most recent 2.4.0 release of mbedTLS. > > There has been an ongoing discussion in IRC on how to handle the > remaining users of the legacy PolarSSL package and whether to ship this > library with the initial release and remove it later or whether to drop > it now in order to catch potential fallout early. > > Since we didn't want to single-handedly decide this issue in IRC I took > the topic to the list now to facilitate wider feedback. > > Right now there are more or less two approaches proposed: > > a) Keep libpolarssl available for the initial 17.01.0 release and drop >it with the first maintenance release 17.01.1 about 6-8 weeks later > > b) Drop libpolarssl now, even before branching and urge the feed package >maintainers to migrate users of libpolarssl to the libmbedtls >variant I'd say drop it immediately unless there is a pressing reason not to (i.e., an important package that can't be ported). Far better to deal with the fallout during an RC phase than have a possible regression on a point release six weeks from now. And we won't be doing anyone any favours by shipping a known obsolete SSL library in the first release. Dropping it also makes sure that we get a chance to weed out all packages that are still inadvertently built against the old version (libcurl depends on libpolarssl on my install from last night's nightly build, for instance). -Toke ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev