[pkg-opensc-maint] Bug#846548: marked as pending

Eric Dorland eric at debian.org
Tue Jun 6 05:26:48 UTC 2017


OK, apologies for the delay (and I know we're getting down to the
wire). I just uploaded libp11-openssl1.1 to experimental and of course
it's in NEW. If this looks ok let me know what the next steps are if
we want to try to get it into stretch.

* Julien Cristau (jcristau at debian.org) wrote:
> On 05/30/2017 07:16 AM, Eric Dorland wrote:
> > * Julien Cristau (jcristau at debian.org) wrote:
> >> On 05/29/2017 03:15 AM, Eric Dorland wrote:
> >>> * Julien Cristau (jcristau at debian.org) wrote:
> >>>> On Mon, May 22, 2017 at 03:42:57 +0000, Eric Dorland wrote:
> >>>>
> >>>>> tag 846548 pending
> >>>>> thanks
> >>>>>
> >>>>> Hello,
> >>>>>
> >>>>> Bug #846548 reported by you has been fixed in the Git repository. You can
> >>>>> see the changelog below, and you can check the diff of the fix at:
> >>>>>
> >>>>>     https://anonscm.debian.org/cgit/pkg-opensc/libp11.git/commit/?id=e8d6da0
> >>>>>
> >>>> So, erm.  This seems like it would break using libengine-pkcs11-openssl
> >>>> in an application using libssl1.0.2.  As a SONAME bump it also seems
> >>>> rather inappropriate during the freeze.
> >>>
> >>> That's a good point. I was trying to provide an alternative to the
> >>> broken NMU that was going to be uploaded, but yes this will break
> >>> applications built against libssl1.0.2. It does fix using this with
> >>> the openssl tool however.
> >>>
> >> Right.
> >>
> >>>> I'm very interested in having this fixed in stretch so I can get the
> >>>> secure-boot stuff working on ftp-master, but this doesn't look like the
> >>>> way to go.  Not to mention that you'd have to justify the bump from
> >>>> 0.4.3 to 0.4.4.
> >>>>
> >>>> Can you explain your plans here?
> >>>
> >>> As you suggested in your followup, the way forward would appear to be
> >>> to upload a new libp11 source package that builds against
> >>> libssl1.0.2. I can also backport all of the changes to 0.4.3 and
> >>> upload to testing-proposed-updates. Does that sound reasonable?
> >>>
> >> Having read through the 0.4.4 changes I think I'd be ok with getting
> >> that in if you're confident.  I guess the other question is should
> >> libp11-dev come from the openssl1.1-using package or the
> >> openssl1.0.2-using one.  At this late stage I guess it's safer to stay
> >> with 1.0.2, and have the libp11-openssl1.1 package (or however it's
> >> called) only provide a libengine-pkcs11-openssl1.1 binary?
> > 
> > OK, I like this plan. We should get the naming right going forward
> > though for the libengine-pkcs11-openssl1.1 package. Is that how other
> > packages are handling naming when they depend on a particular version
> > of openssl?
> > 
> I'm not sure, to be honest.  I don't know if there are any other similar
> cases right now.  This package name wouldn't survive stretch in any
> case, I guess?
> 
> > I should be able to get fixed uploads to unstable in a couple of days.
> > 
> Nice.  Thanks.
> 
> Cheers,
> Julien

-- 
Eric Dorland <eric at kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-opensc-maint/attachments/20170606/13921e05/attachment.sig>


More information about the pkg-opensc-maint mailing list