[Pkg-openssl-devel] Bug#965041: Bug#965041: closed by Debian FTP Masters <ftpmaster at ftp-master.debian.org> (reply to Sebastian Andrzej Siewior <sebastian at breakpoint.cc>) (Bug#965041: fixed in openssl 3.3.1-5)

[Sebastian Andrzej Siewior]

On 2024-08-14 14:20:08 [+0100], Colin Watson wrote:
> On Fri, Aug 09, 2024 at 09:15:20AM +0000, Debian Bug Tracking System wrote:
> >    * Split the legacy provider into its own package (Closes: #965041).
> 
> By default, this breaks anything that uses python3-cryptography:
> 
>   https://github.com/pyca/cryptography/blob/43.0.0/src/rust/src/lib.rs#L77
> 
> There are two natural options: set CRYPTOGRAPHY_OPENSSL_NO_LEGACY, or
> depend on openssl-provider-legacy.  I guess the former is a reasonable
> workaround, at least in the short term, but it's going to have to be
> done in the test suite of the entire reverse-dependency tree of
> python3-cryptography; or python3-cryptography itself would have to be
> changed, which ideally would need to be coordinated with upstream since
> it'd be a semantic change.
> 
> Given what seems to have been a relatively weak and contested
> justification for making this change, is this actually worth all the
> effort?

I'm sorry if this is causing trouble. I splitted the legacy provider out
and added a Recommends: assuming that it is pulled in by default. It did
not pop on the debci.

Is this causing enough trouble that you would say it needs a Depends:
until this is resolved?

Sebastian