Use latest version of OpenSSL #1349
Conversation
The dev guide pins the version of OpenSSL to version 3.0, but the current latest version i 3.3.1 (July 2024). The change pins the OpenSSL version to 3.
|
All commit authors signed the Contributor License Agreement. |
There was a problem hiding this comment.
OpenSSL was updated from 1.1 to 3.0 in:
- Update macOS build recommendations to use OpenSSL 3.0 #1111
- Bump macOS build recommendations to OpenSSL v3.0 #1112
The changes LGTM unless there is some reason to prefer pinning 3.0.
IIRC, when we finally switched from recommending OpenSSL 1.x to OpenSSL 3.0.x, the thinking was that 3.0.x was the OpenSSL stable Long Term Support (LTS) branch with the longest support life and that is still the case. Whether that should be the deciding factor today isn't clear to me. Other opinions? @gpshead ? @tiran ? |
|
Yep, so long as OpenSSL project is providing the concept of "long term support" releases as you linked to above, we should stick with those in our binary release builds shipped by CPython. We want to ship builds made with the OpenSSL version having the latest EOL date to minimize potentially disruptive changes in Python patch releases. |
|
Regardless, this PR is about the "getting-started" guide. I doubt it hurts most of the time for people getting their own local dev environments setup to use a more recent version rather than pinning to the LTS 3.0. Just be aware that when a new OpenSSL release comes out, not all branches of CPython may be ready to build and link against it yet (including |
I agree with the above though the net effect of the change in the PR is that upgrades from one branch of OpenSSL to another will happen somewhat unpredictably as it will depend on when Homebrew updates their |
The dev guide pins the version of OpenSSL to version 3.0, but the current latest version i 3.3.1 (July 2024).
This change pins the OpenSSL version to 3.
📚 Documentation preview 📚: https://cpython-devguide--1349.org.readthedocs.build/