Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

To: debian-devel@lists.debian.org, 754513@bugs.debian.org
Subject: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
From: Matthias Urlichs <matthias@urlichs.de>
Date: Sun, 13 Jul 2014 20:36:30 +0200
Message-id: <[🔎] 20140713183630.GF3054@smurf.noris.de>
In-reply-to: <[🔎] 20140713134837.GA18474@glandium.org>
References: <20140712112547.GA17955@roeckx.be> <20140712115345.GA10308@spruce.wiehl.oeko.net> <[🔎] 20140712121513.GA18849@roeckx.be> <[🔎] 20140712124645.GB10308@spruce.wiehl.oeko.net> <[🔎] 53C20278.1010605@debian.org> <[🔎] 20140713061751.GA15420@smurf.noris.de> <[🔎] 20140713105459.GA16846@glandium.org> <[🔎] 20140713111133.GA6806@client.brlink.eu> <[🔎] 20140713120217.GB15420@smurf.noris.de> <[🔎] 20140713134837.GA18474@glandium.org>

Hi,

Mike Hommey:
> Well, it kind of is. Because those versioned symbols in openssl come
> from a debian patch, afaict. So while debian may be fine (as long as all
> build-rdeps have been rebuilt since openssl got those versioned
> symbols), other distros aren't covered, as well as binaries not
> compiled on debian.
> 
I am, frankly, not at all concerned with binaries not compiled on Debian
at this point. Data point: Fedora uses a different symbol versioning
scheme for openssl, so openssl-linked binaries from there won't run on
Debian anyway.

It's far more imperative to educate upstream (in general, not just openssl
– but them in particular) about the fact that adding versioning to their
libraries is a Very Good Idea which will save them (and, more to the point,
anybody using their code) a whole lot of hassle – as well as potential
security holes – if/when their ABI changes.

-- 
-- Matthias Urlichs

Reply to:

Follow-Ups:
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Kurt Roeckx <kurt@roeckx.be>

References:
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Toni Mueller <toni@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Thomas Goirand <zigo@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Matthias Urlichs <matthias@urlichs.de>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Mike Hommey <mh@glandium.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: "Bernhard R. Link" <brlink@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Matthias Urlichs <matthias@urlichs.de>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Mike Hommey <mh@glandium.org>

Prev by Date: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Next by Date: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Previous by thread: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Next by thread: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Index(es):
- Date
- Thread