Re: openssl-vulnkey and python
On Thu, Aug 27, 2009 at 07:39:04AM +0100, Neil Williams wrote:
> On Thu, 27 Aug 2009 15:46:51 +0930
> Ron <email@example.com> wrote:
> > On Thu, Aug 27, 2009 at 07:09:04AM +0100, Neil Williams wrote:
> > > On Thu, 27 Aug 2009 15:12:20 +0930
> > > Ron <firstname.lastname@example.org> wrote:
> > >
> > > > On Wed, Aug 26, 2009 at 08:16:18PM +0100, David Goodenough wrote:
> > > > > Actually it is openssl-blacklist that contains openssl-vulnkey, and
> > > > > in sid openssl depends on that. And as openssl-vulnkey is written in
> > > > > python it is rather needed.
> If openssl did depend on the blacklist that would be a Policy violation
> as it would make a circular dependency - the blacklist depends on
> openssl, not vice versa.
> Is something else bringing in the blacklist?
Looks like ssl-cert and openvpn are the prime candidates for dragging
that in as a hard dep. A bunch of other packages depend on ssl-cert.
> OK, misread that but openssl itself doesn't depend on the blacklist, do
> you really need the SSL blacklist itself on an embedded device?
Depends on the device I guess. Mostly I've just noticed that python
is getting near impossible to get rid of on any $real system, and the
reasons for that are mostly quite spurious like this one.