[Development] Suggestion: switch binary builds to OpenSSL 1.1 in Qt 5.11
Giuseppe D'Angelo
giuseppe.dangelo at kdab.com
Fri Feb 9 11:59:31 CET 2018
On 08/02/18 19:45, Thiago Macieira wrote:
> Only for 5.11 onward, so shouldn't affect the 5.6 and 5.9 LTS (which don't
> have OpenSSL 1.1 support anyway) or any 5.10.x releases still to come.
>
> As a bonus side-effect, users who hadn't realised they have an old, not-up-to-
> date OpenSSL will have to fix the issue.
However there's many users that *do* have realized that but are waiting
on a new release of a distribution. I'm specifically looking at Ubuntu
16.04 LTS [1].
Ubuntu 18.04 LTS will have OpenSSL 1.1 [2] (it literally landed a few
days ago [3]) but the first recommended upgrade for LTS users is 18.04.1
[4], which will came in Q3 with any luck (no data available yet, basing
the estimate on 16.04.1 [5]).
Centos 7 / RHEL 7 also have 1.0.2 [6].
OpenSUSE Leap 42.3 also has 1.0.2 [7].
Which made me think, are we even testing OpenSSL 1.1 in our CI? So I
took this run on dev from a few days ago:
> https://testresults.qt.io/coin/integration/qt/qtbase/tasks/1518126028
According to the logs, not a single configuration is building and
testing the OpenSSL 1.1 support.
In the light of everything above, I'm against this change for 5.11. The
earliest acceptable would be 5.12, after announcing it in 5.11, and
after adding significant coverage for it to the CI.
My 2 cents,
> [1] https://packages.ubuntu.com/xenial/openssl
> [2] https://packages.ubuntu.com/bionic/openssl
> [3] http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.1.0g-2ubuntu1/changelog
> [4] https://help.ubuntu.com/lts/serverguide/installing-upgrading.html
> [5] https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule
> [6] https://git.centos.org/summary/?r=rpms/openssl.git
> [7] https://software.opensuse.org/package/openssl
--
Giuseppe D'Angelo | giuseppe.dangelo at kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4007 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.qt-project.org/pipermail/development/attachments/20180209/d299d90e/attachment.bin>
More information about the Development
mailing list