
Bug#864160: Release notes should document how to compile 3rd party software against OpenSSL



Package: release-notes
Severity: normal

With both OpenSSL 1.0.2 and 1.1 included in stretch,
the release notes should document which to choose for
compiling 3rd party software.

In most cases either will work, but in some circumstances
compiling against the wrong OpenSSL version will result
in a crashing application (if some library used uses the
other OpenSSL version and incompatible data is passed
from one OpenSSL version to the other).

It was decided to not force the correct OpenSSL version through
libssl1.0-dev/libssl-dev dependencies.

For packages included in stretch choosing the correct OpenSSL
version was implemented through a review by Kurt half a year
ago and RC bugs forcing affected software to use the correct
version.

For stretch users compiling 3rd party software this should be
properly documented.

One consumer of this information should be stretch-backports:
whenever a package uses libssl1.0-dev in stretch but libssl-dev
in buster, the information is required whether compiling with
libssl-dev in stretch-backports is safe.
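
Added example, not part of the original bug report: a shell check that classifies `ldd` output by which OpenSSL sonames a binary's dependency closure pulls in, so the mixed case described above can be spotted after a build. The sonames (libssl.so.1.0.2 / libssl.so.1.1 and the matching libcrypto) are assumed to be those shipped by stretch's two OpenSSL packages; the sample `ldd` output and `libexample.so.0` are constructed.

```shell
#!/bin/sh
# Added example: detect a process image that would load both OpenSSL ABIs.
# Assumption: stretch ships libssl.so.1.0.2/libcrypto.so.1.0.2 (OpenSSL 1.0.2)
# and libssl.so.1.1/libcrypto.so.1.1 (OpenSSL 1.1).

# Reads ldd-style output on stdin; prints one of: none, 1.0.2, 1.1, mixed
openssl_abi() {
    awk '
        # The first field of each ldd line is the soname.
        $1 ~ /^lib(ssl|crypto)\.so\.1\.0\.2$/ { v10 = 1 }
        $1 ~ /^lib(ssl|crypto)\.so\.1\.1$/    { v11 = 1 }
        END {
            if (v10 && v11) print "mixed"
            else if (v10)   print "1.0.2"
            else if (v11)   print "1.1"
            else            print "none"
        }'
}

# Runs ldd on one ELF file; returns non-zero if both ABIs appear.
check_binary() {
    abi=$(ldd "$1" 2>/dev/null | openssl_abi)
    printf '%s: %s\n' "$1" "$abi"
    [ "$abi" != "mixed" ]
}

# Constructed sample: a program built against libssl-dev (1.1) that also
# links a hypothetical library, libexample.so.0, built against 1.0.2.
sample_mixed() {
    printf '\tlinux-vdso.so.1 (0x00007ffc00000000)\n'
    printf '\tlibexample.so.0 => /usr/lib/libexample.so.0 (0x00007f0000300000)\n'
    printf '\tlibssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f0000200000)\n'
    printf '\tlibcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f0000100000)\n'
    printf '\tlibcrypto.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 (0x00007f0000000000)\n'
}

# With file arguments, check each one; with none, show the sample verdict.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        check_binary "$f" || echo "WARNING: $f mixes OpenSSL 1.0.2 and 1.1" >&2
    done
else
    echo "constructed sample: $(sample_mixed | openssl_abi)"
fi
```

`ldd` only sees link-time dependencies, so libraries loaded later with dlopen() (plugins, modules) are not covered by this check.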

