This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: HEADSUP maintainers: Change in openssl package requires change in setup.hint
On Jun 24 23:21, Matthias Andree wrote:
> Corinna Vinschen wrote on 2010-06-24:
> >On Jun 24 20:13, Matthias Andree wrote:
> >>Corinna Vinschen wrote on 2010-06-24:
> >>>I have no idea about this stuff. I'm maintaining openssl primarily
> >>>since it's required for openssh. If there's anything which isn't
> >>>fixed upstream, it won't be fixed for Cygwin. The Cygwin 1.0.0a-1
> >>>package is from the vanilla sources. The 0.9.8 runtime libs will
> >>>only be kept in place until all packages using it have been
> >>converted to
> >>>1.0.0. I have no incentive to keep old runtime libs indefinitely.
> >>
> >>Then please hold your horses. Do it wrong and the upgrade breaks
> >>OpenSSL on lots of installations.
> >>
> >>And: if the upgrade isn't done properly, bug reports about this will
> >>often be misfiled with the application programmers as regressions.
> >><http://www.fetchmail.info/fetchmail-FAQ.html#R14> and
> >><http://www.fetchmail.info/> bear testimonies of such misfilings :)
> >>
> >>Here's the short scoop:
> >>
> >>- OpenSSL 1.0.0 uses a different hash for /usr/ssl/certs than 0.9.8
> >>did, so after the default ssl version is upgraded to 1.0.0, c_rehash
> >>needs to be run on that directory.
> >
> >Openssl does not come with any certificate and there's no certificate
> >package in Cygwin either. AFAICS it would be sufficient to move to
> >another ssl directory like, say, /usr/share/ssl instead of /usr/ssl.
> >The user can copy and rehash any certificates manually, or install
> >root certificates from scratch for 1.0.0.
>
> I see you are taking this upgrade far too lightly.
> [...]
> Not shipping certs by default is no excuse for stomping over and
> breaking user setups.
Moving the directory won't break anything. The old dir isn't removed
or something.
> If you change the ssldir to /usr/share, the postinstall script
> should move the contents from /usr/ssl to /usr/share/ssl.
> At least users should be told there is manual intervention (move
> certs, rehash) required BEFORE they can proceed to installation.
If we move the dir, I will certainly mention this in the announcement.
> This was my last unsolicited warning on this matter.
>
> You have been warned.
Would you like to take over openssl maintainership? Apparently I'm
not qualified for this.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat