[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

On Sun, 13 Jul 2014, Matthias Urlichs wrote:
> I am, frankly, not at all concerned with binaries not compiled on Debian
> at this point. Data point: Fedora uses a different symbol versioning
> scheme for openssl, so openssl-linked binaries from there won't run on
> Debian anyway.
> It's far more imperative to educate upstream (in general, not just openssl
> – but them in particular) about the fact that adding versioning to their
> libraries is a Very Good Idea which will save them (and, more to the point,
> anybody using their code) a whole lot of hassle – as well as potential
> security holes – if/when their ABI changes.

Meanwhile, we could try to get ever distro with a clue together, map the
versioned symbol diffs that already exist, and see if we can come up with a
plan to at least do downstream versioning in a compatible way.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: