Wiki Link: https://fedoraproject.org/wiki/Changes/RemoveOpensslCompat
Discussion.fpo Link: https://discussion.fedoraproject.org/t/f40-change-proposal-removing-openssl-1-1-package-system-wide/92899 == Summary == We are going to remove the openssl1.1 package from Fedora 40. == Owner == * Name: [[User:DmitryBelyavskiy| Dmitry Belyavskiy]] * Email: dbely...@redhat.com == Detailed Description == In Fedora 36 we switched to OpenSSL 3.0 branch. This is a brand new version with new architecture. We left the openssl1.1 package for the applications that were unable to switch to the new API/architecture, 3rd-party applications, etc. The package was marked as deprecated in F37. OpenSSL 1.1.1 has reached EOL in September 2023. We want to remove it from Fedora. == Feedback == == Benefit to Fedora == This proposal ensures than no new packages in Fedora will use the deprecated OpenSSL version that will cause an overall increase of security/stability. It will also reduce the maintenance burden for the OpenSSL maintainers, especially when new CVEs are published. == Scope == * Proposal owners: provide assistance in migration to other developers. * Other developers: Patch their packages to work with OpenSSL 3.0. * Release engineering: This feature doesn't require coordination with release engineering. * Policies and guidelines: N/A (not needed for this Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES --> * Trademark approval: N/A (not needed for this Change) * Alignment with Community Initiatives: == Upgrade/compatibility impact == 3rd-party packages depending on OpenSSL 1.1.1 should be replaced with new versions using new OpenSSL 3.0+. == How To Test == OpenSSL 1.1 should not be available to install from Fedora repository. No packages should depend on OpenSSL 1.1.1. == User Experience == Shouldn't be affected. == Dependencies == We have found at least the following packages depending on OpenSSL 1.1: * gloo-0.5.0^git20230824.01a0c81-6.fc40.src.rpm * opensmtpd-6.8.0p2-12.fc39.src.rpm * python3.6-3.6.15-20.fc39.src.rpm == Contingency Plan == None. * Contingency mechanism: (What to do? Who will do it?) Package owners should update their packages to remove the dependency * Contingency deadline: beta freeze * Blocks release? Yes == Documentation == Should be mentioned in Release Notes. == Release Notes == openssl1.1 package is removed and should not be used by any packages. -- Aoife Moloney Product Owner Community Platform Engineering Team Red Hat EMEA Communications House Cork Road Waterford _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
