Bug#760735: libgnutls26: [dummy bug] Must not be shipped in jessie

Andreas Metzler ametzler at bebt.de
Sat Oct 4 06:23:56 UTC 2014 

On 2014-10-03 Kurt Roeckx <kurt at roeckx.be> wrote:
> On Sun, Sep 07, 2014 at 02:16:03PM +0200, Andreas Metzler wrote:
>> Package: libgnutls26
>> Version: 2.12.23-17
 
>> GnuTLS 2.12 should not be shipped in jessie, let's make sure it does
>> not accidentally re-enter testing after its removal (which is not yet
>> scheduled).

> Can you clarify which version(s) you think should ship with
> jessie?  I'm guessing you want to go with the 3.2 upstream version
> so the gnutls28 source package?

Hello,
we will ship gnutls28 (3.3.x).

> libgnutls-dev is currently a binary package from libgnutls26
> and libgnutls28-dev Provides gnutls-dev (not libgnutls-dev).
> There are packages that Build-Depend on libgnutls-dev.

> Could you please clarify what should happen?

The packages that work with _and_ actually *require* GnuTLS should
build-depend on libgnutls28-dev. Stuff that requires the old library
version will have to go.

Thank you for pointing this out to me, I have been handholding the
transition for a couple of months and thought it was almost done.

Looking at the current status we find these packages build-depending
on libgnutls-dev:

centerim (only in sid)
cluster-glue 1.0.12~rc1+hg2777-1
gst-plugins-bad0.10 (0.10.23-7.3)
gst-plugins-bad1.0 (1.4.3-1) 
kopete (4:4.14.1-1)
libvmime (only in sid)
mandos (1.6.8-1) 
mod-gnutls (sid is fixed and broken, testing is horribly outdated)
ntopng (1.2.1+dfsg1-1) 
openldap (2.4.39-1.1) 
openvas* (only in sid)
pacemaker* (only in sid)
pokerth (1.1.1-2.1) 
python-gnutls (1.2.5-1) 
qutecom (2.2.1+dfsg1-5.1) 
snort (2.9.5.3-3)
sogo (only in sid)
vdr-plugin-fritzbox (1.5.2-5) 
wine (1.6.2-8) 
wine-development (1.7.27-1) 
xchat-gnome (1:0.30.0~git20131003.d20b8d-2.1)
xen (4.4.1-2) 

OTOH looking at the binary dependencies in sid (and ignoring packages
only in sid https://release.debian.org/transitions/html/gnutls28.html
the transition is basically done (there are some false positives due
to libgnutls28-dev|libgnutls-dev dependencies), only these packages
remain:
openldap: Fixed for months in GIT, waiting for internal review.
python-gnutls: Patches available for ages, nobody cares.
mandos: Only reverse dependency of python-gnutls.

Therefore on the binary side the transition can be finished after an
openldap upload by removing python-gnutls/mandos/mod-gnutls from
testing.

I will submit the missing Build-Depends related bug report in due
course (not today). I suspect that in almost all of the cases the
correct fix will be to simply drop the build-dependency.

(As a fallback plan, if we cannot get these 12 source packages fixed
in time for jessie gnutls28 could obviously take over the
libgnutls-dev package.)

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-gnutls-maint mailing list