Openssl and Python versions for TC 4.x repo.
Jason W:
With the approaching of TC 4.x, we need to decide if we want to update openssl and we need to decide on what python version we will use.
There needs to be only one version of python that we stick with for the duration of TC 4.x. I recommend staying with 2.7.x, as many things still require python 2.x and I think we are losing almost nothing by sticking with a 2.x version.
Openssl is of course at version 1.0.0 upstream. Building that extension would be easy, but it would require rebuilding a huge portion of the repo, losing so many existing extensions that could otherwise just be copied over. I lean towards staying with 0.9.8 as it is still supported. The cost of moving to 1.0.0 will be very steep, but benefits would be few if any aside from version number.
I would like to hear what the extension makers think on this.
bmarkus:
Python: Agree, use the latest stable 2.x version.
openssl: I'm not really familiar with it so can't say anything about real benefits of having 1.0.0, but for sure, rebuilding extensions just to have 1.0.0 would take extra energy from all extension maintainers. I vote for 0.9.8.
(Checked RedHat EL6, there is 1.0.0. But it is a commercial product)
Jason W:
Yeah, most distros are on openssl 1.0.0 now, but their package building and updating model is different than ours and allows more frequent updates. Debian stable is still on 0.9.8, though.
There are 996 tcz extensions that have openssl as a dependent in their dep tree. And there are no known vulnerabilities that have not been fixed by the "r" version of 0.9.8 that we are now using. Also, I think I remember reading that most of openssl exploits that are discovered only affect openssl when used as a server, and not when used as a shared lib. We use it here as a shared lib almost exclusively.
If someone wants to use a newer version of openssl to use it as a server, it is a simple "configure && make && make install" to keep up with the latest version. And if one wants to use the newest openssl to build against, they can either package the newer libs in a self contained extension or link to a newer openssl statically.
I want to hear what the other main extension makers think, but at this point I think we probably are all on the same page.
robc:
I think python 2.7.x would be better than 3.x at this point.
I don't have any problem with updating my extensions to openssl 1.0.0.
On a note about the extensions. Since the repo is growing and will keep growing, there should be a more standardized way to rebuild the extensions. This will help out the TC team and the extension makers when extensions like openssl and python are updated. Perhaps an extension could be made that can pull the build script and source for an extension and build it automatically.
Arslan S.:
As long as my build does not complain about ssl version it is ok for me.
Also I see no harm in having a separate python3 extension, there are some projects that require python3.