This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: HEADSUP maintainers: Change in openssl package requires change in setup.hint


On Jun 24 23:21, Matthias Andree wrote:
> Corinna Vinschen wrote on 2010-06-24:
> >On Jun 24 20:13, Matthias Andree wrote:
> >>Corinna Vinschen wrote on 2010-06-24:
> >>>I have no idea about this stuff.  I'm maintaining openssl primarily
> >>>since it's required for openssh.  If there's anything which isn't
> >>>fixed upstream, it won't be fixed for Cygwin.  The Cygwin 1.0.0a-1
> >>>package is from the vanilla sources.  The 0.9.8 runtime libs will
> >>>only be kept in place until all packages using it have been
> >>converted to
> >>>1.0.0.  I have no incentive to keep old runtime libs indefinitely.
> >>
> >>Then please hold your horses.  Do it wrong and the upgrade breaks
> >>OpenSSL on lots of installations.
> >>
> >>And: if the upgrade isn't done properly, bug reports about this will
> >>often be misfiled with the application programmers as regressions.
> >><http://www.fetchmail.info/fetchmail-FAQ.html#R14> and
> >><http://www.fetchmail.info/> bear testimonies of such misfilings :)
> >>
> >>Here's the short scoop:
> >>
> >>- OpenSSL 1.0.0 uses a different hash for /usr/ssl/certs than 0.9.8
> >>did, so after the default ssl version is upgraded to 1.0.0, c_rehash
> >>needs to be run on that directory.
> >
> >Openssl does not come with any certificate and there's no certificate
> >package in Cygwin either.  AFAICS it would be sufficient to move to
> >another ssl directory like, say, /usr/share/ssl instead of /usr/ssl.
> >The user can copy and rehash any certificates manually, or install
> >root certificates from scratch for 1.0.0.
> 
> I see you are taking this upgrade far too lightly.
> [...]
> Not shipping certs by default is no excuse for stomping over and
> breaking user setups.

Moving the directory won't break anything.  The old dir isn't removed
or something.

> If you change the ssldir to /usr/share, the postinstall script
> should move the contents from /usr/ssl to /usr/share/ssl.
> At least users should be told there is manual intervention (move
> certs, rehash) required BEFORE they can proceed to installation.

If we move the dir, I will certainly mention this in the announcement.

> This was my last unsolicited warning on this matter.
> 
> You have been warned.

Would you like to take over openssl maintainership?  Apparently I'm
not qualified for this.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]