Bug#844160: marked as done (apache2-dev should depend on libssl1.0-dev)
On Mon, Nov 14, 2016 at 05:03:45AM +0100, Ondřej Surý wrote:
> > Looking at mod_ssl_openssl.h and the comment in #828330,
> > I'd suggest the change below to add a dependency on libssl1.0-dev
> > to apache2-dev.
> And that exactly happens meaning that PHP 7.0 can no longer be built
> unless all it's build-depends (including PHP 7.0) and rdepends move to
> libssl1.0-dev as well.
> So a nice deadlock, right? To be honest I would rather have a slightly
> less tested apache2 with OpenSSL 1.1.0 and iron out the bugs as we go
> than revert all the work I have done.
> I reviewed the patch Kurt has provided and I don't see any strong reason
> why anything should break.
Can you guarantee that rdeps of Apache can use 1.0.2 in stretch when
Apache itself uses 1.1?
That is the most important question here.
This is what my "mod_ssl_openssl.h and the comment in #828330"
was referring to.
The dual 1.0.2/1.1 setup for stretch can only work when any set of
packages in the archive that needs the same OpenSSL version stays
at 1.0.2 unless *all* packages in this set are compiling and working
fine with 1.1
And since the OpenSSL version used is part of the libcurl3 ABI
(see #844018 for details), using 1.1 in stretch is anyway not
really an option for Apache/PHP in stretch.
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed