
Re: Packages that need to be rebuilt against libssl0.9.8



On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote:

> > You are right - as so often.

> > People are still required to speak with the release team first. But some
> > people prefer to make all of our life harder than necessary.

> > Please again: If someone wants to make any transition, please speak
> > *first* with the release team. Do not just assume you can upload just
> > anything. We really want to finish the c++-abi-transition first.

> Sorry for that. I missed the message about not doing library
> transitions. My fault. But I also do not really understand why so many
> packages need to be rebuilt since libssl0.9.7 will be in the archive
> too.

How?  I don't see any openssl097 source package in the archive, only openssl
and openssl096.  If it is your intention to upload an openssl097 source
package, please do so ASAP (preferably *before* libssl0.9.7 is removed from
unstable via rene!), and please tell maintainers that they should *not* be
transitioning to libssl0.9.8 at this time.  There are probably many packages
that can safely be migrated to libssl0.9.8, but there are a large number of
other packages, which no one has made a list of, which will have a cascade
effect on segfaults related to other transitions if they are rebuilt now
against a libssl0.9.8 that doesn't have versioned symbols.

> I however understand the problem with different libraries linked against
> different versions of openssl. But I don't think that versioning the
> symbols in Debian alone would be such a good idea. Then we would be
> incompatible with other distributions.

We would be only unidirectionally incompatible with other distros, in the
same way that we would be incompatible with distros that shipped an older version
of libssl0.9.8 which was missing a newly-added symbol but was otherwise
ABI-compatible.  

> All LSB connected distros should do it the same way.

Yes, they certainly should.  Maintainers that implement versioned symbols
for libraries are always encouraged to submit patches upstream.

> Release team: If you think it would be the right thing to remove openssl
> 0.9.8 from sid, feel free to do it. I did the update, because a lot of
> people bugged me about the new version and upstream only recommends this
> version. It also closes a grave security bug.

I don't think it makes much sense to remove the package from sid once it's
been uploaded, but please see above for my concerns on how we handle this
going forward.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
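
The following is an added example, not part of the original message: a sketch of how one could list the binaries that would end up with both libssl0.9.7 and libssl0.9.8 in one process, which is the situation the message says leads to segfaults when the symbols are unversioned. The object names and the NEEDED map are constructed sample data standing in for what `objdump -p` or `readelf -d` would report.

```python
import re
from collections import defaultdict

# Constructed sample: object -> its direct DT_NEEDED entries (hypothetical names).
NEEDED = {
    "mailclient": ["libldap.so.2", "libssl.so.0.9.8"],   # rebuilt against 0.9.8
    "webfetch": ["libssl.so.0.9.8", "libc.so.6"],        # rebuilt, no other SSL users
    "dbtool": ["libpq.so.4", "libldap.so.2"],            # not rebuilt yet
    "libldap.so.2": ["libssl.so.0.9.7", "libc.so.6"],    # still linked against 0.9.7
    "libpq.so.4": ["libssl.so.0.9.7"],
    "libssl.so.0.9.7": ["libcrypto.so.0.9.7"],
    "libssl.so.0.9.8": ["libcrypto.so.0.9.8"],
}

# Split a SONAME such as "libssl.so.0.9.8" into ("libssl", "0.9.8").
SONAME_RE = re.compile(r"^(lib.+?)\.so\.(.+)$")


def closure(obj, needed):
    """Every library that loading `obj` pulls in, directly or indirectly."""
    seen, stack = set(), list(needed.get(obj, []))
    while stack:
        lib = stack.pop()
        if lib not in seen:
            seen.add(lib)
            stack.extend(needed.get(lib, []))
    return seen


def conflicts(obj, needed):
    """Library base names that `obj` would load in more than one SONAME version."""
    versions = defaultdict(set)
    for lib in closure(obj, needed):
        m = SONAME_RE.match(lib)
        if m:
            versions[m.group(1)].add(m.group(2))
    return {base: sorted(v) for base, v in versions.items() if len(v) > 1}


if __name__ == "__main__":
    for obj in ("mailclient", "webfetch", "dbtool"):
        print(obj, conflicts(obj, NEEDED) or "ok")
```

In the sample, only `mailclient` is flagged: it was rebuilt against 0.9.8 while a library it depends on still pulls in 0.9.7.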
