On 08/02/18 19:45, Thiago Macieira wrote: > Only for 5.11 onward, so shouldn't affect the 5.6 and 5.9 LTS (which don't > have OpenSSL 1.1 support anyway) or any 5.10.x releases still to come. > > As a bonus side-effect, users who hadn't realised they have an old, not-up-to- > date OpenSSL will have to fix the issue.
However there's many users that *do* have realized that but are waiting on a new release of a distribution. I'm specifically looking at Ubuntu 16.04 LTS [1]. Ubuntu 18.04 LTS will have OpenSSL 1.1 [2] (it literally landed a few days ago [3]) but the first recommended upgrade for LTS users is 18.04.1 [4], which will came in Q3 with any luck (no data available yet, basing the estimate on 16.04.1 [5]). Centos 7 / RHEL 7 also have 1.0.2 [6]. OpenSUSE Leap 42.3 also has 1.0.2 [7]. Which made me think, are we even testing OpenSSL 1.1 in our CI? So I took this run on dev from a few days ago: > https://testresults.qt.io/coin/integration/qt/qtbase/tasks/1518126028 According to the logs, not a single configuration is building and testing the OpenSSL 1.1 support. In the light of everything above, I'm against this change for 5.11. The earliest acceptable would be 5.12, after announcing it in 5.11, and after adding significant coverage for it to the CI. My 2 cents, > [1] https://packages.ubuntu.com/xenial/openssl > [2] https://packages.ubuntu.com/bionic/openssl > [3] > http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.1.0g-2ubuntu1/changelog > [4] https://help.ubuntu.com/lts/serverguide/installing-upgrading.html > [5] https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule > [6] https://git.centos.org/summary/?r=rpms/openssl.git > [7] https://software.opensuse.org/package/openssl -- Giuseppe D'Angelo | [email protected] | Senior Software Engineer KDAB (France) S.A.S., a KDAB Group company Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com KDAB - The Qt, C++ and OpenGL Experts
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Development mailing list [email protected] http://lists.qt-project.org/mailman/listinfo/development
