[Pkg-openssl-devel] Bug#804487: Bug#804487: openssl_1.0.2d-3 breaks mumble and mumble-server after binNMU

Mikkel Krautz mikkel at krautz.dk
Mon Mar 14 21:20:25 UTC 2016


On Sun, Mar 13, 2016 at 9:20 PM, Chris Knadle <Chris.Knadle at coredump.us> wrote:
> Mikkel Krautz:
>> On Sun, Mar 13, 2016 at 2:58 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
>>> I would also like to say again that if we can somehow see in the
>>> meta data that they are using libssl, they would get rebuild at
>>> the same time and you wouldn't get into this situation that they
>>> are using a different version.
>>
>> My vote is also 100% for doing that. Preferably via '-openssl-linked'.
>
> I'm building qt4-x11 with ./configure -openssl-linked with OpenSSL 1.0.2d-1
> now and will then build test versions of mumble with it to verify what the
> behavior is.

I believe we found that -openssl-linked would not work for Qt in
Debian because of potential license incompatibilities with OpenSSL.
Basically, by using -openssl-linked, unsuspecting software that link
to QtNetwork (but are not compatible with the OpenSSL license) will be
implicitly linked to OpenSSL, and thus create binaries that cannot be
redistributed.

Is it possible to get the fact that QtNetwork uses libssl/libcrypto
into the packaging metadata, such that the package would be rebuilt
with new versions of OpenSSL automatically?



More information about the Pkg-openssl-devel mailing list