Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: Antoine Beaupré <anarcat@orangeseeds.org>, Emilio Pozuelo Monfort <pochu@debian.org>, debian-lts@lists.debian.org
Subject: Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport
From: Andreas Metzler <ametzler@bebt.de>
Date: Thu, 20 Dec 2018 14:00:18 +0100
Message-id: <[🔎] 20181220130018.GA5213@argenau.bebt.de>
In-reply-to: <[🔎] 87pntxxg6h.fsf@fifthhorseman.net>
References: <[🔎] 87zht94219.fsf@curie.anarc.at> <[🔎] bfc66b55-1001-5d4e-4b5d-c5c656171b75@debian.org> <[🔎] 6a8835ce-f54d-faa6-2689-aeb91b1b60fa@debian.org> <[🔎] 87tvj9v4e5.fsf@curie.anarc.at> <[🔎] 87pntxxg6h.fsf@fifthhorseman.net>

On 2018-12-20 Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
[...]
> On Wed 2018-12-19 11:59:46 -0500, Antoine Beaupré wrote:
>> On 2018-12-18 14:34:06, Emilio Pozuelo Monfort wrote:
>>> libgcrypt is a bit more worrying, even after dropping most of the noise:

>>> $ diff libgcrypt20-1.*/ | filterdiff -x '*.pc/*' -x '*/debian/*' -x '*/tests/*'
>>> | diffstat | tail -1
>>>  263 files changed, 51927 insertions(+), 14888 deletions(-)

>> Yeah, that's my concern as well.

>> Daniel, what do you think of that diff? Is that something we can
>> reasonably review? How much can we expect stability in that upgrade?

>> I know you stated before general principles of gpg vs lib / API
>> stability, but I'd be curious to hear your thoughts on gcrypt, in this
>> specific case.

> I agree that an upgrade to gcrypt is the biggest risk here, and i'm not
> sure how to evaluate it other than running what meager rdep test suites
> we have in jessie.  I don't know whether anyone who has been working on
> ci.debian.net is following this discussion, but i think it points to
> some really salient use cases for test infrastructure.  How nice it
> would be if a DD could upload a prospective package and say "please run
> all test suites for reverse dependencies!"

> Andreas Metzler (cc'ed here) has been a stalwart steward of gcrypt in
> debian for many years, even after GnuTLS switched to nettle, and
> probably has the best sense of what kind of system integration dangers
> might lurk in the proposed upgrade for jessie.  Perhaps he can comment
> on it?
[...]

Hello,

looking at my mail archive gcrypt updates since 1.6 (i.e. since the last
soname bump) have been very painless. The only breakage in rdeps I found
was #816104, going from 1.6 to 1.7.
http://thread.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/4487

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Reply to:

References:
- HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport
  - From: Emilio Pozuelo Monfort <pochu@debian.org>
- Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport
  - From: Emilio Pozuelo Monfort <pochu@debian.org>
- Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport
  - From: Antoine Beaupré <anarcat@orangeseeds.org>
- Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Prev by Date: Bug#916912: [pre-approval] stretch-pu: package freerdp/1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
Next by Date: Re: proposed removal of Enigmail from jessie/LTS
Previous by thread: Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport
Next by thread: Jessie update of gnutls28?
Index(es):
- Date
- Thread