On Tue, Apr 2, 2024 at 3:12 PM Dmitry Belyavskiy <dbelyavs@redhat.com> wrote:
> Third-party engines may be a problem but as we don't break ABI, it's not a problem of the moment.
The fact you are removing the headers means it is
a problem for 3rd party engines who build from
source (and everyone should at least occasionally
be building from source as part of their CI).
I consider removing the headers as breaking
the API, as the headers define the API.
I agree with moving the engine header package to a separate devel package instead of removing it.
The headers already mark the engine APIs
as deprecated. Orgs with resources should
be starting their migration, although some
will defer it to the next quarter (and the
next....)
Yes. That's why I think the pressure in this direction is worth the effort.
I believe this should be part of OpenSSL 4.0.
It will be a clear change. There is no
compelling reason for this to happen
today via the headers. Instead this should
be a marketing campaign by OpenSSL
to remind everyone that engines are
going away with OpenSSL 4.0 with every
new set of release notes (first item,
in double bold), and that orgs need to
start their migration. And then do it again.
And then do it again. And when OpenSSL
4.0 is released, you can remind everyone
you warned them.
I agree that removing the engine stuff is clearly 4.0 stuff (or earlier version if .so version changes).
But there are steps that will indicate our moving in this direction and will allow reducing the number of packages to be changed.