Received: from mx1.mailbun.net (mx1.mailbun.net [170.39.20.100])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id E023F780CFA
	for <~alpine/devel@lists.alpinelinux.org>; Sat, 16 Oct 2021 07:16:33 +0000 (UTC)
Received: from [192.168.1.3] (unknown [172.56.6.38])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	(Authenticated sender: ariadne@dereferenced.org)
	by mx1.mailbun.net (Postfix) with ESMTPSA id 354CD1173FA
	for <~alpine/devel@lists.alpinelinux.org>; Sat, 16 Oct 2021 07:16:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dereferenced.org;
	s=mailbun; t=1634368591;
	bh=iHm4yLOBH0sXn5Qbo1ZC1l4TD9H06/iK4JTB1RD/weg=;
	h=Date:From:To:Subject;
	b=cSdHRSYnIX1CRWHPnuYOY3cbEhhCQMngWXnpR/AYiNO4rPgM4o/ZnSVBP8Zth4neg
	 joiOq1rqUwbxStl4kyUZjbyuykY38Gelb7mPCRU3AUyLqMs+ay2Sqph0+lTzWTolE/
	 dziDe3ve9vYA4hxt8xVL6Xyi3d0hOqDxKKHW0VpDAzLzSjgyl+i+Me7prKwT3CoE47
	 5Z3gTBr5wuw+UwSAFR7IbE1tArwtAp/kGLyqFeqhsi24OmBpe59NE3T4kUhHluwS7f
	 G2nzu8nq6gTCBpF+vMPWwLFBnG1vP62aK0k7dWPLClXTDxBUlaSEo1nv6+SMQjs7lQ
	 vh/aOJozVhwAg==
Date: Sat, 16 Oct 2021 02:16:24 -0500 (CDT)
From: Ariadne Conill <ariadne@dereferenced.org>
To: ~alpine/devel@lists.alpinelinux.org
Subject: Heads up: OpenSSL 3 -> 1.1 migration underway
Message-ID: <42c12a5f-f1a8-fb51-5d70-5d27409e1814@dereferenced.org>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII

Hello,

As part of the 3.15 release cycle, we planned to upgrade the system 
OpenSSL to 3.0, because of the improved licensing and isolation of legacy, 
known-broken cryptographic primitives behind a legacy provider module.

Unfortunately, this migration hit a few regressions, notably in apk-tools, 
but also some packages like MariaDB were not anywhere near ready to be 
used in production with OpenSSL 3.  We decided to wait a few weeks to see 
what happened, but we hit a key decision point (preparation for Alpine 
3.15 soft freeze) without any resolution, and so the contingency plan 
automatically came into effect.

The contingency plan, of course, being that we would move back to OpenSSL 
1.1.

We will re-evaluate the situation in Alpine 3.16 when OpenSSL 3.1 is 
released.

In practical terms, this means that your APKBUILDs have been modified 
where appropriate to depend on OpenSSL 1.1 explicitly.  This is to give 
the packages a stable dependency tree while the openssl-dev provider is 
flipped to openssl1.1-compat-dev.

Later next week, main/openssl will transition to community/openssl3, and 
main/openssl1.1-compat will transition to main/openssl.  This step will 
not require any rebuild.

Thanks in advance for everyone's patience!

Ariadne