Bug#859831: moonshot-gss-eap cannot migrate to openssl 1.1.0 prior to xmltooling
Sam Hartman
hartmans at debian.org
Mon Oct 30 20:49:28 UTC 2017
>>>>> "Cantor," == Cantor, Scott <cantor.2 at osu.edu> writes:
Cantor,> On 10/30/17, 4:36 PM, "Pkg-shibboleth-devel on behalf of
Cantor,> Sam Hartman"
Cantor,> <pkg-shibboleth-devel-bounces+cantor.2=osu.edu at lists.alioth.debian.org
Cantor,> on behalf of hartmans at debian.org> wrote:
>> So, in order to have a moonshot-gss-eap that builds against
>> openssl 1.1, we'll need to get xmltooling fixed.
Cantor,> The version of Shibboleth that supports 1.1 will be out
Cantor,> some time next year, and I can't put much of a time frame
Cantor,> on it beyond that. I doubt it will be June, but I also
Cantor,> doubt it will be January.
Nod. I've actually been following this list and am aware of where things
stand.
Assuming that the SSL maintainers move at the speed they are hoping to
move, Shibboleth will be pulled from Debian testing in about a month.
My understanding is that the patches already exist, but effort didn't
exist within Debian to do a good job of taking those patches ourselves
at least the last time this was discussed on the list.
Moonshot can technically be built without Shibboleth. That kind of
cripples especially the acceptor, but it does build. I'll talk to the
moonshot community about whether it would be better for Moonshot to
remain out of testing (it got pulled because of an arm64 issue) or
whether having a crippled version that works well as a client but not
great as a server would be better.
More information about the Pkg-shibboleth-devel
mailing list