Lenny fixes for opensaml2 and shibboleth-sp2

Russ Allbery rra at debian.org
Fri Nov 27 19:52:15 UTC 2009

"Scott Cantor" <cantor.2 at osu.edu> writes:
> Russ Allbery wrote on 2009-11-26:

>> approach seems reasonable to me.  New exported symbols in the libshibsp
>> package shouldn't matter to anything else, since nothing outside of
>> that source package is linked against it.

> That's also true of the other two packages, so maybe this isn't a problem to
> begin with?

The difficulty with the other packages is that the Shibboleth SP package
does build against them, so while it probably isn't a problem for SONAME
compatibility, it makes redoing the security builds rather more
complicated than one would want.  The ideal is to have the fixes in each
source package be independent and not require that one fixed source
package be built against another fixed source package.

> It's just as likely that somebody has an SP extension written to rely on
> libshibsp as it is that they would have something written on top of
> libsaml.

> (If it wasn't clear that libshibsp is a public API for the SP, that is
> the case.)

Ideally, we wouldn't ever add symbols that will be removed or changed in
later releases, but since these are unadvertised and the next version of
Debian will have libraries with a higher SONAME we should be okay.

Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>

More information about the Pkg-shibboleth-devel mailing list