to my significant surprise, it looks like Debian is going to try and
make the openSSL 1.1 transition for stretch.
I've been caught flat-footed on all of my packages by this.
In addition, the transition freeze is November 5, which might be an
issue if we want to get the new identity selector or trust router into
stretch.
I'm not really sure that counts because our stuff is sufficiently
self-contained that I don't really consider our updates a transition.
I think the date we really care about is January 5. By that time, we
need to have versions of moonshot that work with libssl 1.1 into
stretch, or moonshot will be pulled from Debian and Ubuntu.
Currently, libradsec, all of the shibboleth code, and moonshot-gss-eap
all break. So does the trust router.
I have not looked into freeradius 3 and whether it breaks.
I'd be very interested in thoughts on whether we want to just let
moonshot fall out of Debian and Ubuntu for this release or whether we
want to scramble to fix this. I think I can handle the packaging bits,
but I definitely do not have time for the actual code changes.
|