So I presume then that python2.7 in Debian works flawlessly with OpenSSL 3.0.0, no regressions, no security issues and no ABI problems right?
On Thu, Jun 30, 2022 at 5:13 PM Robbie Harwood <rharw...@redhat.com> wrote: > Charalampos Stratakis <cstra...@redhat.com> writes: > > > Unfortunately that effort is moot, it's really not possible to make > > python2.7 compatible with OpenSSL 3.0.0, I mean even the latest Python > > versions are not 100% compatible for various reasons. > > > > In trying to make it compatible there are also ABI changes introduced, > > it's not only about having the tests pass. The ssl module is already > > complex enough in backporting changes from the master Python branch to > > previous 3.x versions, doing that for 2.7 without a full fledged > > effort from SSL and the Python C API experts guarantee there's gonna > > be regressions. And that's not even taking into account the security > > implications of randomly cherry-picking commits just to have the > > package compile. > > I'm having trouble understanding this because Debian seems to have > carried out what you're saying is impossible: in testing, they ship a > python2.7 that appears to be using openssl 3, and do not ship openssl > 1.1 at all. There are also a handful of clearly openssl 3-related > patches in their tree > https://salsa.debian.org/cpython-team/python2/-/tree/master/debian/patches > > Have folks looked at how they do this, and whether we could adapt it to > Fedora? > > Be well, > --Robbie > -- Regards, Charalampos Stratakis Senior Software Engineer Python Maintenance Team, Red Hat
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure