mbedtls@2: deprecate

[SMillerDev]

• Have you followed the guidelines for contributing?
• Have you ensured that your commits follow the commit style guide?
• Have you checked that there aren't other open pull requests for the same formula update/change?
• Have you built your formula locally with HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>, where <formula> is the name of the formula you're submitting?
• Is your test running fine brew test <formula>, where <formula> is the name of the formula you're submitting?
• Does your build pass brew audit --strict <formula> (after doing HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>)? If this is a new formula, does it pass brew audit --new <formula>?

---

[chenrui333]

we can also remove the livecheck per this change

[SMillerDev]

There might still be releases though. It's deprecated, not abandoned.

[SMillerDev]

That's a disappointing amount of dependencies.

  dislocker
    * Dependency 'mbedtls@2' is deprecated but has un-deprecated dependents. Either
      un-deprecate 'mbedtls@2' or deprecate it and all of its dependents.
  hashlink
    * Dependency 'mbedtls@2' is deprecated but has un-deprecated dependents. Either
      un-deprecate 'mbedtls@2' or deprecate it and all of its dependents.
  haxe
    * Dependency 'mbedtls@2' is deprecated but has un-deprecated dependents. Either
      un-deprecate 'mbedtls@2' or deprecate it and all of its dependents.
  julia
    * Dependency 'mbedtls@2' is deprecated but has un-deprecated dependents. Either
      un-deprecate 'mbedtls@2' or deprecate it and all of its dependents.
  neko
    * Dependency 'mbedtls@2' is deprecated but has un-deprecated dependents. Either
      un-deprecate 'mbedtls@2' or deprecate it and all of its dependents.
  shadowsocks-libev
    * Dependency 'mbedtls@2' is deprecated but has un-deprecated dependents. Either
      un-deprecate 'mbedtls@2' or deprecate it and all of its dependents.

[SMillerDev]

Neko seems deprecated itself: HaxeFoundation/neko#287

[SMillerDev]

Dislocker seems abandoned: Aorimn/dislocker#314

[SMillerDev]

Shadowsocks issues are piling up without any answers anywhere: https://github.com/shadowsocks/shadowsocks-libev

[SMillerDev]

Haxe has an issue open: HaxeFoundation/haxe#11195
Julia has one open to replace the dependency: JuliaLang/julia#48799

[cho-m]

Dislocker seems abandoned: Aorimn/dislocker#314

They did try switching to mbedtls 3 but it broke Linux builds - revert in Aorimn/dislocker@179c51b

---

Shadowsocks issues are piling up without any answers anywhere: https://github.com/shadowsocks/shadowsocks-libev

We can probably deprecate it when we feel like (probably at same time as mbedtls@2 unless any activity). Upstream is mainly focusing on shadowsocks-rust. From summary:

• Bug-fix-only libev port of shadowsocks. Future development moved to shadowsocks-rust

---

Neko seems deprecated itself: HaxeFoundation/neko#287

The problem is neko is a dependency of haxe. Given our stance on deprecated SSL/TLS libs, we may just have to deprecate them all if they are not off of mbedtls@2 by EOL.

---

Julia has one open to replace the dependency: JuliaLang/julia#48799

Julia is the biggest issue. There isn't much progress on what they plan to do (e.g. switch to OpenSSL, update to MbedTLS 3, switch to BoringSSL, etc).

I assume they will decide on something before EOL given there are enough maintainers over there.

[github-actions]

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.