On Mon, 26 Jan 2026 at 14:56, Colin <[email protected]> wrote: > Lastly, the openssl-oss-module-legacy package is enabled by default in the > OpenSSL recipe, so by disabling this support by default, I'd be introducing > inconsistent behavior. > > I'm happy to push up a v2 patch disabling this packageconfig option by > default, but I think that should be accompanied with a patch disabling the > openssl-oss-module-legacy package by default as well. > > Please let me know what you think would be best.
Thanks for the extended answer. Basically yes, I think we should start by looking at openssl itself. It would be good to make a couple of patches: - adding a packageconfig for legacy, and enabling that by default (to preserve existing behavior) - removing legacy from the defaults (for a more secure build, if openssl itself isn't willing to pick that default for its users, which I disagree with) Then the changes in these patches can be reviewed separately. python3-cryptography ideally should auto-configure itself at runtime: if legacy is present, it can be used, if not, then it's not available. Otherwise, there should also be a couple patches for it: - packageconfig for legacy, enabled by default (basically the current patch as it is is alright) - removing legacy from defaults (would be merged in lockstep with the same change in openssl) You can add the various supporting links and other information in your message across the patches, as you see fit. Alex
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#230024): https://lists.openembedded.org/g/openembedded-core/message/230024 Mute This Topic: https://lists.openembedded.org/mt/117394116/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
