On Jun 24 23:21, Matthias Andree wrote: > Corinna Vinschen wrote on 2010-06-24: > >On Jun 24 20:13, Matthias Andree wrote: > >>Corinna Vinschen wrote on 2010-06-24: > >>>I have no idea about this stuff. I'm maintaining openssl primarily > >>>since it's required for openssh. If there's anything which isn't > >>>fixed upstream, it won't be fixed for Cygwin. The Cygwin 1.0.0a-1 > >>>package is from the vanilla sources. The 0.9.8 runtime libs will > >>>only be kept in place until all packages using it have been > >>converted to > >>>1.0.0. I have no incentive to keep old runtime libs indefinitely. > >> > >>Then please hold your horses. Do it wrong and the upgrade breaks > >>OpenSSL on lots of installations. > >> > >>And: if the upgrade isn't done properly, bug reports about this will > >>often be misfiled with the application programmers as regressions. > >><http://www.fetchmail.info/fetchmail-FAQ.html#R14> and > >><http://www.fetchmail.info/> bear testimonies of such misfilings :) > >> > >>Here's the short scoop: > >> > >>- OpenSSL 1.0.0 uses a different hash for /usr/ssl/certs than 0.9.8 > >>did, so after the default ssl version is upgraded to 1.0.0, c_rehash > >>needs to be run on that directory. > > > >Openssl does not come with any certificate and there's no certificate > >package in Cygwin either. AFAICS it would be sufficient to move to > >another ssl directory like, say, /usr/share/ssl instead of /usr/ssl. > >The user can copy and rehash any certificates manually, or install > >root certificates from scratch for 1.0.0. > > I see you are taking this upgrade far too lightly. > [...] > Not shipping certs by default is no excuse for stomping over and > breaking user setups.
Moving the directory won't break anything. The old dir isn't removed or something. > If you change the ssldir to /usr/share, the postinstall script > should move the contents from /usr/ssl to /usr/share/ssl. > At least users should be told there is manual intervention (move > certs, rehash) required BEFORE they can proceed to installation. If we move the dir, I will certainly mention this in the announcement. > This was my last unsolicited warning on this matter. > > You have been warned. Would you like to take over openssl maintainership? Apparently I'm not qualified for this. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat
