On 22.11.2017 07:28, Cooke, Mark wrote: >> -----Original Message----- >> From: Branko Čibej [mailto:br...@apache.org] >> Sent: 21 November 2017 21:01 >> >> On 21.11.2017 21:43, Eric Johnson wrote: >>> I don't know if this helps, but I run Subversion on a Gentoo system, >>> which is constantly upgrading to newer versions of software. Gentoo >>> does a really good job of only marking stuff stable when it is >>> actually stable. So if Gentoo doesn't have openssl 1.1 in use, there's >>> a really good reason. >>> >>> This is what is currently "stable" on my Gentoo system running >>> Subversion (which is a few weeks old - minor updates might be available): >> Not-so-minor updates are, in fact available. :) >> >>> *Apache httpd 2.4.27 >>> *Apache Serf(tm) 1.3.8 >> Should be 1.3.9. >> >>> *APR 1.5.2 >> Should be 1.6.3. >> >>> *APR-util 1.5.4 >> Should be 1.6.1. >> >>> *APR iconv (not installed on my machine) >> Not needed in Unix-like environments that have libiconv generally available. >> Not needed on Windows >> because we use the native character encoding conversion functions (since ... >> I don't recall when, but >> it's been quite a while). >> >>> *Expat 2.2.1 >>> *OpenSSL 1.0.2l >>> *PCRE 8.41 >> I have _no_ idea how PCRE got on this list. Subversion itself does not use >> it, nor, as far as I'm >> aware, do Serf, APR or APR-Util. > I imagine that APR-iconv and PCRE are in the MaxSVN list (and mine) due to > building apache httpd as well?
That's possible; HTTPD does use PCRE and possibly APR-iconv (on Windows). >>> *SQLite 3.19.3 >>> *ZLib 1.2.11 >>> >>> Specifically, in the case of openssl, I found this bug tracking all >>> the compatibility problems: https://bugs.gentoo.org/592438 . Seems >>> like you probably want to stay away from it. >> Serf trunk can be compiled with 1.1, but I'm not sure how far along the >> 1.3.x release branch is. >> Whilst OpenSSL 1.1 has made some really unfortunate decisions that break API >> compatibility with the >> 1.0.x line, there are also a number of serious bugs fixed in it ... >> >> -- Brane > ...so is svn still waiting on support in other packages? Subversion does not use OpenSSL directly. It uses Serf, which in turn uses OpenSSL to support HTTPS. > Bottom line is that I should still use the 1.0.2 line for now? Yes. -- Brane
