2025-10-09 –, Krakow/ Business Value & Enterprise Adoption
This talk will cover past mistakes and success from shipping major OpenSSL upgrades in Ubuntu and Chainguard from the perspective of an engineering manager and an individual contributor. Covering past transitions such as 1.1.0 to 1.1.1 back in Ubuntu 18.04 Bionic, to considering upcoming deprecations and feature parity and interoperability.
The talk will cover the following topics:
- The fallout from upgrading OpenSSL 1.1.0 to 1.1.1 in Ubuntu 18.04 LTS post LTS release.
- When to choose backporting fixes instead of upgrading OpenSSL point releases.
- When to upgrade major OpenSSL versions or remain on the same versions.
- Benefits and tradeoffs of keeping stable ABI when removing features.
- Missing features in OpenSSL available in forks such as AWS-LC and Cloudflare.
- The path to deprecating and removing obsolete features.
- Challenges in cryptographic hardening the default configuration.
This talk will be delivered by an engineering manager and an individual contributor with hands-on experience being challenged by the above transitions when shipping OpenSSL in Ubuntu and Chainguard OS.
I am a principal engineer at Chainguard focusing on cryptographic hardening of FIPS container workloads for FedRAMP deployments. I am upstream contributor to OpenSSL, BoringSSL, AWS-LC, LibreSSL, Linux Crypto subsystem, Secureboot rhboot/shim and grub, Ubuntu Core Developer, OpenBSD, Debian Developer, among many other smaller contributions to many open source projects.
Pat leads Chainguard's Guarded OS team. She's passionate about operating systems, software at scale, unicorns and working with amazing people from all over the world. Before this current awesome gig, she worked at Google, InfluxData, Canonical and the IBM Linux Technology Center. She works from her basement office in Portland, Oregon.