You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@arrow.apache.org by "Antoine Pitrou (Jira)" <ji...@apache.org> on 2020/09/30 11:59:00 UTC

[jira] [Commented] (ARROW-10138) [C++] Bundled external project for openssl

    [ https://issues.apache.org/jira/browse/ARROW-10138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17204665#comment-17204665 ] 

Antoine Pitrou commented on ARROW-10138:
----------------------------------------

That sounds frankly like a very bad idea for two reasons:
1) OpenSSL is security-critical and we are not equipped to ship upgrades properly currently
2) OpenSSL can be used by the application and/or different parts of Arrow (e.g. through gRPC, as a dynamic library), and then we can get symbol clashes or ABI clashes between different versions of OpenSSL

So my vote is strongly -1 on this unless the two points above are adressed. And I expect point 1) to be non-trivial to solve given our current community structure and versioning strategy.

cc [~kou]

> [C++] Bundled external project for openssl
> ------------------------------------------
>
>                 Key: ARROW-10138
>                 URL: https://issues.apache.org/jira/browse/ARROW-10138
>             Project: Apache Arrow
>          Issue Type: New Feature
>          Components: C++, Packaging
>            Reporter: Neal Richardson
>            Priority: Major
>             Fix For: 2.0.0
>
>
> aws-sdk-cpp requires it and it seems easy enough to build. Arguably you *should* manage openssl as a system package but that's not always feasible for all of our packages, and the manylinux wheel scripts already build and bundle openssl.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)