Conill: The long-term consequences of maintainers’ actions

Ariadne Conill looksat the difficulties caused by the OpenSSL 3 transition in thecontext of Alpine Linux.

For distributions, however, the story is different:cryptography moved to using Rust, because they wanted toleverage all of the static analysis capabilities built into thelanguage. This, too, is a reasonable decision, from a developmentperspective. From the ecosystem perspective, however, it isproblematic, as the Rust ecosystem is still rapidly evolving, andso we cannot support a single branch of the Rust compiler for anentire 2 year lifecycle, which means it exists in community. Oursolution, historically, has been to hold cryptography atthe latest version that did not require Rust to build. However,that version is not compatible with OpenSSL 3, and so it willeventually need to be upgraded to a new version which is. And so,since cryptography has to move to community, so doesparamiko and Ansible.