[Pkg-openssl-devel] Bug#907015: Bug#907015: openssl version 1.1.1 breaks multiple reverse dependencies; versioned Breaks needed

Kurt Roeckx kurt at roeckx.be
Wed Sep 5 22:21:41 BST 2018


On Wed, Sep 05, 2018 at 10:58:27PM +0200, Sebastian Andrzej Siewior wrote:
> On 2018-08-23 09:07:31 [+0200], Paul Gevers wrote:
> > 2) enable the openssl package to collect information which packages it
> > breaks and which version of those package fix the issue. With that
> > information the openssl package can add versioned Breaks
> > 
> > We believe that the versioned Breaks are needed to enable a smooth
> > upgrade path for testing users as well as for users that upgrade from
> > stretch to buster. For users a Breaks is also required if the new
> > OpenSSL just exposed an existing bug in the reverse dependency.
> 
> how is a versioned break helping anything? The minimal key limit, hash
> and TLS version can be overriden via config file and this what is
> causing the problems from what I can tell. So either the remote side
> upgrades their things or the users enabled "lower security" mode.
> Is there anything that skipped my mind?

There are also bugs in packages that actually break because of the
TLS 1.3 changes, for instance not sending the SNI and trying to
connect to google. Having a Breaks might be useful for those.


Kurt



More information about the Pkg-openssl-devel mailing list