Remove remote website pinging from OpenSSL #1333
Conversation
|
Should we remove the older versions from the package since url_for_version no longer locates them properly? |
|
Unless someone is willing to research the whys and whats of past OpenSSL
versions, I'd be fine to remove all OpenSSL versions except the newest.
Older versions almost certainly have security problems.
|
Without an automated update / notification of some kind on new versions of OpenSSL this would very likely be a thing done halfway. How long spack newest will be an old OpenSSL before someone will notice it and update |
|
@alalazo I suspect someone will notice right away if a new version comes out since OpenSSL archives the old download URL. Anything that depends on OpenSSL will break because Spack can't download any version of OpenSSL. That's the original reason we added the complex |
|
@adamjstewart But now we have caches that mitigate the problem, right ? |
|
Anyhow, I don't mean to be picky on this. I just see a point that we should deal with in the long run... |
|
@alalazo Ah, I see what you mean. |
|
@tgamblin Can you remove the no longer necessary imports? There's also an extra blank line. |
- OpenSSL no longer checks remote versions on the openssl site. - Spack is used on systems that aren't connected to the internet, and this check is probably in the wrong place and affects too many commands. We can work on figuring out a better, more configurable place to put a check like this.
tgamblin
force-pushed
the
features/no-openssl-pinging
branch
from
a772f14
to
8523f75
Compare
|
@adamjstewart: done |
Resolves #1332.
this check is probably in the wrong place and affects too many
commands. We can work on figuring out a better, more configurable
place to put a check like this.
@alalazo @KineticTheory @citibeth @adamjstewart