[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

"John D. Hendrickson and Sara Darnell" <johnandsara2@cox.net> writes:
> Russ Allbery wrote:

>> OpenSSL ABI implementation to another is something of an all-or-nothing
>> affair.  You can do a small amount of building key packages with the
>> other

> ? rhetorically i'm unsure there's a problem.

I have some experience with this from dealing with the MIT and Heimdal

The problems crop in various ways.  The largest is that data structures
from one library can't be passed into the other library, which can arise
quite easily when there are multiple shared libraries involved that are
linked with different library implementations.  There are also lots of
more subtle problems: environment variables that are not honored by one of
the libraries or handled differently, any global initialization state now
exists twice and can create other interesting issues, and so forth.  There
are also the annoying warnings the linker will issue whenever linking with
one library and a shared library that uses a different one.

You can do it temporarily -- we do it all the time for library transitions
-- but it's not a very reliable state, and I would question whether it's a
good idea to have a random mix of the libraries as the steady state in
Debian over a longer period of time.

> a package (app) should decide which lib it wants not be coerced to use a
> different vendor it is unfamiliar with.

The point of a Linux distribution is to integrate things, which involves
making choices like this.  If all we're going to do is just build upstream
software with whatever upstream's defaults are in a giant free-for-all,
there's little point in this whole organization called Debian.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: