[Pkg-openssl-devel] Bug#846113: polygraph loses SSL support when compiled with OpenSSL 1.1

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Wed Nov 30 20:43:48 UTC 2016 

On 2016-11-30 01:16:09 [+0200], Adrian Bunk wrote:
> > I though we agreed not to tag this as a patch
> 
> Where did I agree to that?

The last time I pointed it out and you replied that the problem is that
"two things are tracked in one bug but it can't be cloned".

> > but as a hint what can be
> > done if the maintainer chooses to stay with 1.0.
> 
> Reality in Debian is that a large amount of packages is not well 
> maintained, polygraph is actually orphaned.

It received uploads since I orphaned it so I wouldn't say that it is not
well maintained. However the last upload lost SSL on its way to the
archive so it is 50-50 :)

> > Do you expect this bug
> > to be closed once it switches to libsl1.0-dev?
> 
> The thing I do care about is not the patch tag, the thing I do care 
> about is that we are not losing any packages in stretch due to the
> whole OpenSSL situation.

Yes? So you switch to 1.0.2 for a package that is not well maintained
and we get back here in Buster but we don't lose a package in Stretch?
It has low popcon and if it wouldn't be you, then we probably would have
polygraph without SSL. And looking at my tracker there are more packages
that depend on libssl-dev and don't link against it.

> A patch tag makes it visible that there is a solution for the RC issue 
> in stretch.

I attached a patch which builds against 1.1.0. Lets see if somebody is
able to test it.

> Who is going to do the uploads for the ~ 100 not well maintained 
> packages that need to be switched to 1.0.2?
> 
> Will you do these?
If the release team says we have to finish the asap then I will step up
and try my best.

> It should be your job for making dual 1.0.2/1.1 work.
> 
> Or will you at least sponsor me, if I send you a batch of 100 NMUs and 
> QA uploads switching packages to 1.0.2?

If the 100 NMUs are tested and not just switched the build-depends then
maybe. But as you see here, you don't need special powers to get things
compiled with 1.1.0. I actually spent more time writing this email than
the patch. And I would like to avoid switching B-D now and looking at it
again after the release.

> cu
> Adrian

Sebastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-polygraph-get-it-built-with-openssl-1.1.0.patch
Type: text/x-diff
Size: 2213 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20161130/0fcb2c08/attachment.patch>

More information about the Pkg-openssl-devel mailing list