F45 Change Proposal: Update xmlsec to 1 3 [SelfContained]

Project Discussion Change Proposals
, ,
1

Update xmlsec to 1 3

Wiki

Announced

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Summary :open_book:

This change brings xmlsec 1.3.x into Fedora. Version 1.3 is not backward compatible with 1.2.

Owner :open_book:

Detailed Description :open_book:

Update of xmlsec to 1.3.9 brings new and actively developed version into the Fedora. This version changes some interfaces and it is not backward compatible.

This change requires rebuild and/or update of depending packages:

  • aqbanking
  • lasso
  • libdigidocpp
  • libpskc
  • libreoffice
  • mod_auth_mellon
  • nordugrid-arc
  • open-vm-tools
  • openscap

Feedback :open_book:

Benefit to Fedora :open_book:

Version 1.3 is actively developed and receives new features like new cyphers. Old version is just maintained.

Scope :open_book:

  • Proposal owners:
  • Other developers:
  • Release engineering: [Making sure you're not a bot! #Releng issue number]
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with the Fedora Strategy:

Upgrade/compatibility impact :open_book:

No manual configuration changes are needed or expected.

Early Testing (Optional) :open_book:

Do you require ‘QA Blueprint’ support? No

How To Test :open_book:

  • No special hardware needed
  • Packages will be tested by their owners
  • We will use a copr repository for building and testing depended packages
  • All applications work the same as before change.

User Experience :open_book:

Users should obtain new cypher suites, but this is not typically noticed by users. But application may move defaults to more modern and safe ciphers.

Dependencies :open_book:

Here is list of packages depending on xmlsec1

  • aqbanking
  • lasso
  • libdigidocpp
  • libpskc
  • libreoffice-core
  • mod_auth_mellon
  • nordugrid-arc
  • open-vm-tools
  • openscap

Contingency Plan :open_book:

  • Contingency mechanism: If we found a blocker in depended component, we will create new package (xmlsec12) with the 1.2 version and component not possible to update will compile against old version for now. That might be a bit more work and we might postpone the change for next version of Fedora.
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No

Documentation :open_book:

N/A (not a System Wide Change)

Release Notes :open_book:

\n

Last edited by @alking 2026-03-05T18:57:28Z

Last edited by @alking 2026-03-05T18:57:28Z

2

How do you feel about the proposal as written?

  • Strongly in favor
  • In favor, with reservations
  • Neutral
  • Opposed, but could be convinced
  • Strongly opposed
0 voters

If you are in favor but have reservations, or are opposed but something could change your mind, please explain in a reply.

We want everyone to be heard, but many posts repeating the same thing actually makes that harder. If you have something new to say, please say it. If, instead, you find someone has already covered what you’d like to express, please simply give that post a :heart: instead of reiterating. You can even do this by email, by replying with the heart emoji or just “+1”. This will make long topics easier to follow.

Please note that this is an advisory “straw poll” meant to gauge sentiment. It isn’t a vote or a scientific survey. See About the Change Proposals category for more about the Change Process and moderation policy.

3

Did you try to rebuild the dependent packages in a COPR repository? Is any of them known to fail with the new xmlsec?

4

At the moment there is just xmlsec 1.3 and mod_auth_mellon. I will try to add the others as well.

T.

5

The scope section is not filled out for the owners and for other developers - this seems like a borderline system-wide change to me, since you’ll be rebuilding other people’s packages?

6

This change proposal has now been submitted to FESCo with ticket #3577 for voting.

To find out more, please visit our Changes Policy documentation.

7

This change has been approved by FESCo and will be included in Fedora Linux 45.
To find out more about how our changes policy works, please visit our docs site.

FESCo Issue: Making sure you're not a bot!