[Pkg-openssl-devel] Bug#965041: closed by Debian FTP Masters <ftpmaster at ftp-master.debian.org> (reply to Sebastian Andrzej Siewior <sebastian at breakpoint.cc>) (Bug#965041: fixed in openssl 3.3.1-5)
Colin Watson
cjwatson at debian.org
Wed Aug 14 14:20:08 BST 2024
On Fri, Aug 09, 2024 at 09:15:20AM +0000, Debian Bug Tracking System wrote:
> * Split the legacy provider into its own package (Closes: #965041).
By default, this breaks anything that uses python3-cryptography:
https://github.com/pyca/cryptography/blob/43.0.0/src/rust/src/lib.rs#L77
There are two natural options: set CRYPTOGRAPHY_OPENSSL_NO_LEGACY, or
depend on openssl-provider-legacy. I guess the former is a reasonable
workaround, at least in the short term, but it's going to have to be
done in the test suite of the entire reverse-dependency tree of
python3-cryptography; or python3-cryptography itself would have to be
changed, which ideally would need to be coordinated with upstream since
it'd be a semantic change.
Given what seems to have been a relatively weak and contested
justification for making this change, is this actually worth all the
effort?
--
Colin Watson (he/him) [cjwatson at debian.org]
More information about the Pkg-openssl-devel
mailing list