Please merge openssl from debian unstable

Openssl's support policy means we won't be using a non-LTS version in Ubuntu. There's a small window where we might use a non-LTS version provided we are sure we can upgrade to an LTS version of openssl in time for our own LTS but at the moment this situation has not happened yet.

Openssl 3.1 is not an LTS, nor is 3.2 (released a few days ago), and it is not known if 3.3 will be. By the way, 3.3 should be released in April, almost in time for our LTS, but again, we don't know if it will also be an LTS release.

As a consequence, we are unfortunately most likely going with 3.0 in 24.04, and every subsequent ubuntu release until we know we will have an LTS in time for our 26.04 (because we can't "downgrade" openssl version for our LTS releases).

In the future it is possible that we introduce "openssl-latest" or something like that in order to track most recent releases but without any support guarantee. This would be a completely separate package.

In any case, I hadn't noticed that 3.1.* had been uploaded to Debian unstable. I was assuming that the debian maintainers would stick to 3.0 for the same reasons as I outlined above. It's possible they're betting they will have an openssl LTS release in time for trixie's release since trixie might be out in 2025 and by that time openssl 3.0 will roughly reach EOL, and a new openssl LTS would be needed. I guess we'll have to discuss which openssl version to use post-24.04 but probably not before 24.04 is released.

I'm going to re-write this report as something post 24.04 since we can't do anything before 24.04 sadly.

Will resume once new openssl LTS is realsed.