From nobody Sat Jan 28 15:06:41 2023 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P3yTq5DR6z3b40W for ; Sat, 28 Jan 2023 15:07:11 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor.nl2k.ab.ca (doctor.nl2k.ab.ca [204.209.81.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4P3yTq2vHhz3tMY; Sat, 28 Jan 2023 15:07:11 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Authentication-Results: mx1.freebsd.org; none Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96) (envelope-from ) id 1pLmmv-000HKy-1u; Sat, 28 Jan 2023 08:06:41 -0700 Date: Sat, 28 Jan 2023 08:06:41 -0700 From: The Doctor To: Yasuhiro Kimura Cc: freebsd-current@freebsd.org Subject: Re: Version of OpenSSL included in upcoming 14.0-RELEASE Message-ID: References: <20230128.163414.1398367828069957995.yasu@FreeBSD.org> List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230128.163414.1398367828069957995.yasu@FreeBSD.org> X-Rspamd-Queue-Id: 4P3yTq2vHhz3tMY X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:6171, ipnet:204.209.81.0/24, country:CA] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N On Sat, Jan 28, 2023 at 04:34:14PM +0900, Yasuhiro Kimura wrote: > Dear developers of base system, > > Though release process of 13.2-RELEASE has just started, please let me > talk about one more next one. > > According to the initial schedule of 14.0-RELEASE, release process > will start on April 25 and 14.0-RELEASE will be released on July > 17. > > https://www.freebsd.org/releases/14.0R/schedule/ > > So it means release process will start about 3 months later and > 14.0-RELEASE will be released about 5.5 months later. And I would like > to ask a question. > > Is it planned (or considered, scheduled, etc.) to upgrade version of > OpenSSL included in 14-CURRENT from 1.1.1 to 3.0? > > According to the "Release Strategy" page of upstream > (https://www.openssl.org/policies/releasestrat.html), OpenSSL 1.1.1 > will reach its EoL on September 11, 2023 and OpenSSL 3.0 will be > supported until September 7, 2026. Since EoL of OpenSSL 1.1.1 is only > after 2 months of the release of 14.0-RELEASE, it doesn't seems > realistic to include OpenSSL 1.1.1 in 14.0-RELEASE and upgrading to > OpenSSL 3.0 is inevitable. > > Though I'm not familiar with the incompatibility between OpenSSL 1.1.1 > and 3.0, I believe it is too optimistic to regard that build of > 14-CURRENT succeeds without any error just by updating > /usr/src/crypto/openssl from 1.1.1 to 3.0. So it will take for a while > (a few weeks?) to finish it. > > And it also affects build of ports. To be honest, it is rather my main > concern as ports committer. I checked Bugzilla and found following PR. > > Bug 258413 [exp-run] OpenSSL 3.0 upgrade > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258413 > > Though it intends to check how many ports fails to be built if > security/openssl is updated to 3.0 and 'DEFAULT_VERSIONS+= openssl' is > set in /etc/make.conf, it is also applicable to after OpenSSL in > 14-CURRENT is updated to 3.0. And according to the result of exp-run, > it doesn't seem to be easy job to adapt ports tree to OpenSSL 3.0. So > it probably will take longer than updating base system. > > And considering these points, 3 months are not necessarily so long. So > I asked a question as above. > > Please let me know current status about it. > I also beleive that FreeBSD should now adopt Openssl 3.0 OPenssl 1.1.1 is about to be defunct. > Best Regards. > > --- > Yasuhiro Kimura > -- Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b Birthdate: 29 Jan 1969 Redhill, Surrey, England Beware https://mindspring.com