[Releasing] [Interest] Qt 5.9 and OpenSSL 1.1?

Thiago Macieira thiago.macieira at intel.com
Fri Mar 22 16:04:23 CET 2019 

On Friday, 22 March 2019 05:05:29 PDT Lars Knoll wrote:
> > On 22 Mar 2019, at 03:12, Thiago Macieira <thiago.macieira at intel.com>
> > wrote:> 
> > On Wednesday, 20 March 2019 13:28:41 PDT Thiago Macieira wrote:
> >> Still, I don't think we should make a release after December this year,
> >> because of the OpenSSL support. I propose we shorten the 5.9 support to
> >> 30
> >> months, ending in November 2019 instead of May 2020, due to OpenSSL's EOL
> >> of the only branch we're compatible with.
> > 
> > Any reaction?
> 
> Is there an easy way to get 5.9 to work with OpenSSL 1.1?

Not sure. The commit that added OpenSSL 1.1 to 5.10 was backported by several 
Linux distros at the time. Some of them still do (openSUSE 15.1 for example).

What I don't know is about bugfixing commits on top of that. We need to 
inspect all commits to QtNetwork since 5.10 for OpenSSL 1.1 bugfixes and 
attempt to backport them. It's possible some of those don't apply properly. 
Hopefully those Linux distros have backported them too, but we can't count on 
it.

> > Another decision we'll have to make: we should begin making 5.12 and 5.13
> > releases linking to OpenSSL 1.1. Does the infra support this?
> 
> I think we should, but then we probably need to drop support for 1.0. What
> effect would that have on our supported platforms?

For the officially supported platforms, nothing. We continue supporting them.

What will change are the ones where our binaries run on. The first versions 
according to Distrowatch that have OpenSSL 1.1 are (release date / end of 
life):
* Debian 9 (2017-06-18 / ?)
* Fedora 26 (2017-07-11 / 2018-06)
* openSUSE 15 (2018-05-25 / 2019-11)
* Ubuntu 18.04 (2018-04-26 / 2023-04)

The following still distros don't have OpenSSL 1.1:
* CentOS / RHEL 6 (until 2020-11) and 7 (2024-06)
* Debian 8 (until 2020-05)
* Ubuntu 16.04 (until 2021-04)
* openSUSE 42.3 (until 2019-06)

If the loss of these is too big, we can build the Linux binaries for 5.12 
twice and let people choose which one to install. Or just QtNetwork and figure 
out a way to automatically select that one. 

For 5.13, I recommend OpenSSL 1.1 only.
-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products

More information about the Releasing mailing list