You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RFC: Host a copy of each release tarball under https://www.openssl.org/source/old/<version>/ as soon as it's released, rather than only when it's superseded
#24132
Open
Googulator opened this issue
Apr 13, 2024
· 1 comment
This presents a problem for projects trying to maintain permanent links to OpenSSL releases (e.g. live-bootstrap): the link to the main sources/ folder breaks as soon as a new point-release is produced, while the link under old/ isn't usable until then. There exists no URL that points to e.g. 3.0.12 both before and after the release of 3.0.13.
Similarly, because the latest point-release in each lineage includes the patch level in the link, it's also impossible to link to e.g. "the latest 3.0 release" in a dependable manner.
I'd propose the following scheme instead:
As soon as a new release is produced, make it available under old/, which can then serve as a permanent link to that particular release.
The latest release in each lineage should have a link in source/ with its full major.minor.patch version number, to maintain compatibility with existing links.
Right now, the current point-release of each supported version of OpenSSL can be found under the URL: https://www.openssl.org/source/openssl-major.minor.patch.tar.gz - when that version is superseded, it's moved to https://www.openssl.org/source/old/major.minor/openssl-major.minor.patch.tar.gz
This presents a problem for projects trying to maintain permanent links to OpenSSL releases (e.g. live-bootstrap): the link to the main sources/ folder breaks as soon as a new point-release is produced, while the link under old/ isn't usable until then. There exists no URL that points to e.g. 3.0.12 both before and after the release of 3.0.13.
Similarly, because the latest point-release in each lineage includes the patch level in the link, it's also impossible to link to e.g. "the latest 3.0 release" in a dependable manner.
I'd propose the following scheme instead:
The text was updated successfully, but these errors were encountered: