Hi folks. I've just uploaded Mit Kerberos 1.4.3-1 to experimental. I'm writing to you because your package links against the main kerberos library (libkrb53) and I'd like you to confirm that the Kerberos support in your package still works against this version. The public ABI and API of MIt Kerberos has been stable since before Woody was released. However MIT reserves the right to change symbols not mentioned in krb5.h (or mentioned only when KRB5_PRIVATE is defined) at any point in time. New symbols are not added to KRB5_PRIVATE without an ABI bump. Unfortunately, some packages end up calling symbols that are private such as krb5_init_ets(). Many years ago--before krb5 was introduced into Debian--this was actually a good idea. however it has been unnecessary and incorrect for any version of kerberos in Debian. MIt Kerberos 1.4 apparently marks the first time when MIT has removed any such symbol. This can cause packages calling such a symbol to break at runtime. That's not good. The solution to this problem is to remove the call to the private symbol. In the case of krb5_init_ets (the common problem), just remove the call. In the case of any other symbols, fix the problem if it is obvious, or ask email@example.com for help if it is not. (I'm on that list; you could just ask me, but you will be better off asking a larger list). I'd appreciate it if you would take the time to see if your package works against the new Kerberos library. The easiest way to do this is to build your package or at least the kerberos using parts of your package against the new libkrb5-dev package and confirm there are no warnings about missing prototypes and that your package can successfully link to libkrb5. If you do find problems, please upload a version of your package that fixes the problem (built against the old library) to unstable. Open a serious bug tagged as experimental against the krb5 package asking me to conflict with broken versions of your package. Be sure to include the version of your package that has the fix in the bug description. The above procedure assumes that you don't need functionality from krb5 1.4 to work around private symbols you are using. If that ends up not being the case then talk to me and we'll work something out. Also, if your package is involved in some sort of transition and has limited uploading,we'll need to work on timing with the release team. If for this or any other reason you cannot upload a fix please still open a bug so I'll know that krb5 1.4 will break your package. Thanks for your cooperation in making Debian better and helping me with this transition. Finally, great thanks to Russ Allbery my co-maintainer for all his work on the package.
Description: PGP signature