[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: curl situation is intolerable

On Sun, Sep 11, 2005 at 08:59:11PM -0700, Thomas Bushnell BSG wrote:
> Henrique de Moraes Holschuh <hmh@debian.org> writes:

>> On Sat, 10 Sep 2005, Thomas Bushnell BSG wrote:
>>> It is *absolutely intolerable* to declare such conflicts for shared
>>> libraries, where there are easy solutions: MAKE TWO LIBRARIES THAT

>> The package has to build libraries with differently versioned symbols as
>> well, to avoid total app meltdown if both libraries are loaded into the same
>> address space.

> Yes, but I don't mind that nearly as much.  That's a much rarer
> obstacle than one which simply segregates Debian packages into two
> separate camps, and every use must pick one or the other.  That's what
> the current "solution" amounts to.

Mind you, the license/OpenSSLCallback conflict neccessarily segregates the
packages into two camps, those which are GPL, and those which need the callback
only supplied by the OpenSSL-linked libcurl.

The difficulty lies in handling those which aren't in either group so they can
link to whatever libcurl3 is present, without fear or favour.

The secondary difficulty is making sure that no Sarge packages which use the
callback find themselves broken by a partial upgrade (although a conflicts
could be used to force both parts to migrate if neccessary)

The first mitigating factor is that both present the same API to the program,
and the same ABI to the linker. (The missing callback just returns -EFAIL if
you try to set it on a non-OpenSSL version of libcurl) so it's very possible to
link things that can load either library. I like the suggestion for versioning
the symbols of libcurl depending on what that lib's linked to.

The second mitigating factor is that I couldn't find any code in Debian sid or
experimental that sets this callback. I didn't check Sarge, though. So once the
gnuTLS support in libcurl is sufficiently featureful to meet it's promised API,
it may be able to be just slipped in underneath with no one the wiser, assuming
gnuTLS has versioned symbols, which I believe it has.

Paul "TBBle" Hampson, MCSE
8th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

License: http://creativecommons.org/licenses/by/2.1/au/

Attachment: pgpELV5RJvr5f.pgp
Description: PGP signature

Reply to: