Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport
On 2018-12-20 Daniel Kahn Gillmor <firstname.lastname@example.org> wrote:
> On Wed 2018-12-19 11:59:46 -0500, Antoine Beaupré wrote:
>> On 2018-12-18 14:34:06, Emilio Pozuelo Monfort wrote:
>>> libgcrypt is a bit more worrying, even after dropping most of the noise:
>>> $ diff libgcrypt20-1.*/ | filterdiff -x '*.pc/*' -x '*/debian/*' -x '*/tests/*'
>>> | diffstat | tail -1
>>> 263 files changed, 51927 insertions(+), 14888 deletions(-)
>> Yeah, that's my concern as well.
>> Daniel, what do you think of that diff? Is that something we can
>> reasonably review? How much can we expect stability in that upgrade?
>> I know you stated before general principles of gpg vs lib / API
>> stability, but I'd be curious to hear your thoughts on gcrypt, in this
>> specific case.
> I agree that an upgrade to gcrypt is the biggest risk here, and i'm not
> sure how to evaluate it other than running what meager rdep test suites
> we have in jessie. I don't know whether anyone who has been working on
> ci.debian.net is following this discussion, but i think it points to
> some really salient use cases for test infrastructure. How nice it
> would be if a DD could upload a prospective package and say "please run
> all test suites for reverse dependencies!"
> Andreas Metzler (cc'ed here) has been a stalwart steward of gcrypt in
> debian for many years, even after GnuTLS switched to nettle, and
> probably has the best sense of what kind of system integration dangers
> might lurk in the proposed upgrade for jessie. Perhaps he can comment
> on it?
looking at my mail archive gcrypt updates since 1.6 (i.e. since the last
soname bump) have been very painless. The only breakage in rdeps I found
was #816104, going from 1.6 to 1.7.
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'