Revert back to openssl 1.1 for alpine release 3.15?
I wonder if we should revert back to openssl 1.1 for the alpine 3.15 release.
Currently we have a minefield of a mix:
$ grep openssl-dev main/*/APKBUILD | cut -d/ -f2 | sort -u | wc -l
65
$ grep openssl1.1-compat-dev main/*/APKBUILD | cut -d/ -f2 | sort -u | wc -l
63
$ grep openssl1.1-compat-dev community/*/APKBUILD | cut -d/ -f2 | sort -u | wc -l
83
$ grep openssl-dev community/*/APKBUILD | cut -d/ -f2 | sort -u | wc -l
130
In main, 49% of the packages using openssl use 1.1. In community, 39% use 1.1. Across both, 43% use 1.1.
I don't think it's wise to ship a release where close to half of the packages use openssl 1.1 and the other half 3.0.
This excludes testing (which will not be included in the 3.15 release anyway).
We already have problems with packages not building because different dependencies use different versions of openssl. For example, gvm-libs does not build at all (it depends on libssh->openssl 3.0 and openldap->openssl 1.1). Even if we solve this specific blocker, it will still be a mess for users of the 3.15 release building their own things.
So I wonder if it would be wise to revert back to openssl 1.1 for everything, and wait until we have an insignificant minority of packages that are locked to openssl 1.1 before we upgrade openssl to 3.0?
I don't think we should do 3.15 release in this state.
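
The grep counts above only see direct openssl users; the gvm-libs failure comes from a package that reaches both branches through its dependencies. The following Python script is an added example, not part of the original post or of Alpine's tooling. It walks makedepends transitively and lists such packages. The APKBUILD fragments are constructed, `example-tool` is a hypothetical package, the function names are made up here, and mapping `foo-dev` to the aport `foo` is an assumption.

```python
import re

# Constructed APKBUILD fragments (not the real files); only makedepends matters.
SAMPLE_APKBUILDS = {
    "libssh": 'pkgname=libssh\nmakedepends="cmake openssl-dev zlib-dev"\n',
    "openldap": 'pkgname=openldap\nmakedepends="db-dev openssl1.1-compat-dev\n\tutil-linux-dev"\n',
    "gvm-libs": 'pkgname=gvm-libs\nmakedepends="cmake libssh-dev openldap-dev"\n',
    "example-tool": 'pkgname=example-tool\nmakedepends="openssl-dev"\n',  # hypothetical
}
FLAVORS = {"openssl-dev": "3.0", "openssl1.1-compat-dev": "1.1"}
MAKEDEPENDS = re.compile(r'^makedepends="([^"]*)"', re.MULTILINE)


def direct_deps(apkbuild_text):
    """Return the makedepends words of one APKBUILD (simple quoted form only)."""
    m = MAKEDEPENDS.search(apkbuild_text)
    return m.group(1).split() if m else []


def openssl_flavors(pkg, apkbuilds, seen=None):
    """Set of OpenSSL branches reachable from pkg through makedepends."""
    seen = set() if seen is None else seen
    if pkg in seen or pkg not in apkbuilds:
        return set()
    seen.add(pkg)  # visit each aport once, so dependency cycles terminate
    found = set()
    for dep in direct_deps(apkbuilds[pkg]):
        if dep in FLAVORS:
            found.add(FLAVORS[dep])
        else:
            # Assumption: "foo-dev" is built from the aport named "foo".
            origin = dep[:-4] if dep.endswith("-dev") else dep
            found |= openssl_flavors(origin, apkbuilds, seen)
    return found


def mixed_packages(apkbuilds):
    """Packages whose dependency closure pulls in both OpenSSL branches."""
    return sorted(p for p in apkbuilds if len(openssl_flavors(p, apkbuilds)) > 1)


def share_on_1_1(apkbuilds):
    """Percent of direct OpenSSL users building against 1.1 (the grep ratio)."""
    users = [d for d in (set(direct_deps(t)) & set(FLAVORS) for t in apkbuilds.values()) if d]
    on_11 = [d for d in users if "openssl1.1-compat-dev" in d]
    return round(100 * len(on_11) / len(users)) if users else 0


if __name__ == "__main__":
    print("mixed:", mixed_packages(SAMPLE_APKBUILDS))
    print("direct users on 1.1: %d%%" % share_on_1_1(SAMPLE_APKBUILDS))
```

gvm-libs is absent from the direct-user ratio yet is the only package reported as mixed, which is why the grep totals understate the problem.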