[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#864160: marked as done (Release notes should document how to compile 3rd party software against OpenSSL)

Your message dated Sat, 13 Mar 2021 22:48:10 +0100
with message-id <09596f35-fc42-a9f6-06a1-ff9e2d5c619a@debian.org>
and subject line release notes bug for EOL Debian release
has caused the Debian Bug report #864160,
regarding Release notes should document how to compile 3rd party software against OpenSSL
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

864160: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864160
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release-notes
Severity: normal

With both OpenSSL 1.0.2 and 1.1 included in stretch,
the release notes should document which to choose for
compiling 3rd party software.

In most cases either will work, but in some circumstances
compiling against the wrong OpenSSL version will result
in a crashing application (if some library used uses the
other OpenSSL version and incompatible data is passed
from one OpenSSL version to the other).

It was decided to not force the correct OpenSSL version through
libssl1.0-dev/libssl-dev dependencies.

For packages included in stretch choosing the correct OpenSSL
version was implemented through a review by Kurt half a year
ago and RC bugs forcing affected software to use the correct

For stretch users compiling 3rd party software this should be
properly documented.

One consumer of this information should be stretch-backports,
whenever a package uses libssl1.0-dev in stretch but libssl-dev
in buster the information is required whether compiling with
libssl-dev in stretch-backports is safe.

--- End Message ---
--- Begin Message ---
Dear reporter,

Thanks for taking the time long ago to submit your release notes bug.
I'm closing these reports now because the Debian releases they were
reported against have reached their end-of-life (some long ago).

Unfortunately it's possible that the report I'm now closing may still
have relevant information for the current release (bullseye). If you
believe that's the case, don't hesitate to reopen the bug, retitle it
and provide further information and it will be seen during the current
freeze period of Debian.


Attachment: OpenPGP_signature
Description: OpenPGP digital signature

--- End Message ---

Reply to: