You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The reason will be displayed to describe this comment to others. Learn more.
We're considering this, yes. It may involve revision bumping hundreds of formulae which depend on it though.
What's the exact breakage you are having though? OpenSSL 1.0 and 1.1 aren't exactly binary compatible so if something depended on 1.0 it probably won't work with 1.1 libraries.
In terms of Homebrew, no other formulae uses OpenSSL 1.0 any more.
The reason will be displayed to describe this comment to others. Learn more.
We have a machine bootstrap script that ensures this package, e.g.
brew list openssl >/dev/null 2>&1 || brew install openssl
because we have other scripts/tools that explicitly reference the openssl binary/command.
We're updating our bootstrap script now to reference openssl@1.1, but it would have been nicer if openssl always meant "the latest stable openssl version as determined by the Homebrew team" and haveopenssl@1.1 as an alias back to the (newly modified) openssl.rb file.
While this was a bit startling for us, it's also a quick fix for us, so I'm not terribly concerned. I just thought the openssl as always the latest stable version would be nice for users like us that explicitly reference it.
In this particular case, given the pervasiveness of the OpenSSL library, I can understand why that might not have been done for legacy and stability reasons. Maybe this is something that can be done in the future?
In any event, thank you for the hard work you guys continue to do for the project!
The reason will be displayed to describe this comment to others. Learn more.
openssl always meant "the latest stable openssl version as determined by the Homebrew team"
You're absolutely right in terms of how our version policy normally works. What would have normally been done was that openssl was exactly that and openssl@1.0 was what was removed today.
Unfortunately, for reasons that would've been decided on far before I was around (likely complications of having hundreds of formulae depend on it), that wasn't the case for openssl. It ultimately lead to in the end us actively discouraging using openssl over openssl@1.1, while many people would've been unaware of that. Indeed the confusion meant that we had a couple of new formula submitted using openssl as a dependency when openssl@1.1 was preferred.
I suppose the upside is that now you explicitly depend on 1.1. So if 3.0 came around tomorrow and broke everything again, your workflow won't fall apart from upgrading a openssl that may point to the latest version.
We'll figure out how to deal with the unversioned openssl.
The reason will be displayed to describe this comment to others. Learn more.
Apologies for the breakage. I don't think there was a clean way to do it, we were always going to have to break it for some users. The decision not to make openssl always be the latest version, which was linked to the scale of changes to be made, ended up biting us in the end.
In this particular case, given the pervasiveness of the OpenSSL library, I can understand why that might not have been done for legacy and stability reasons. Maybe this is something that can be done in the future?
We're definitely going to do that at some point, the problem is trying to do it without breaking things for users who currently have OpenSSL 1.0 installed as openssl…
0349a7cThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This deletion is now of course breaking tons of machines for us again ;)
Is there a reason
openssl.rbcan't be1.1and haveopenssl@1.1be an alias?I'm happy to add a PR for that if you think this is appropriate. Thoughts?
0349a7cThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're considering this, yes. It may involve revision bumping hundreds of formulae which depend on it though.
What's the exact breakage you are having though? OpenSSL 1.0 and 1.1 aren't exactly binary compatible so if something depended on 1.0 it probably won't work with 1.1 libraries.
In terms of Homebrew, no other formulae uses OpenSSL 1.0 any more.
0349a7cThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have a machine bootstrap script that ensures this package, e.g.
brew list openssl >/dev/null 2>&1 || brew install opensslbecause we have other scripts/tools that explicitly reference the
opensslbinary/command.We're updating our bootstrap script now to reference
openssl@1.1, but it would have been nicer ifopensslalways meant "the latest stable openssl version as determined by the Homebrew team" and haveopenssl@1.1as an alias back to the (newly modified) openssl.rb file.While this was a bit startling for us, it's also a quick fix for us, so I'm not terribly concerned. I just thought the
opensslas always the latest stable version would be nice for users like us that explicitly reference it.In this particular case, given the pervasiveness of the OpenSSL library, I can understand why that might not have been done for legacy and stability reasons. Maybe this is something that can be done in the future?
In any event, thank you for the hard work you guys continue to do for the project!
0349a7cThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're absolutely right in terms of how our version policy normally works. What would have normally been done was that
opensslwas exactly that andopenssl@1.0was what was removed today.Unfortunately, for reasons that would've been decided on far before I was around (likely complications of having hundreds of formulae depend on it), that wasn't the case for
openssl. It ultimately lead to in the end us actively discouraging usingopenssloveropenssl@1.1, while many people would've been unaware of that. Indeed the confusion meant that we had a couple of new formula submitted usingopensslas a dependency whenopenssl@1.1was preferred.I suppose the upside is that now you explicitly depend on 1.1. So if 3.0 came around tomorrow and broke everything again, your workflow won't fall apart from upgrading a
opensslthat may point to the latest version.We'll figure out how to deal with the unversioned
openssl.0349a7cThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We've got #47034 open now to discuss further.
0349a7cThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies for the breakage. I don't think there was a clean way to do it, we were always going to have to break it for some users. The decision not to make
opensslalways be the latest version, which was linked to the scale of changes to be made, ended up biting us in the end.We're definitely going to do that at some point, the problem is trying to do it without breaking things for users who currently have OpenSSL 1.0 installed as
openssl…