* Junichi Uekawa (dancer@netfort.gr.jp) wrote: > > What about it would avoid libssl0.9.6 problems? Nothing I saw would > > solve the problems of multiple versions of a library ending up linked > > into the same process except the symbol versioning portion, which is > > what I'm advocating here but you seem to be against while offering > > 'solutions' that either don't deal with the problem at all or only solve > > a portion of it. > > Following libpkg-guide will avoid future similar problems. Wrong, wrong, wrong. Quit spreading misinformation. > To work around libssl problem, you can certainly use > symbol versioning. That's a solution and what I'm trying to push for. > You could also take an approach of pulling out libssl-dev, > and making packages to Build-Depend on libssl0.9.7-dev libssl0.9.6-dev > explicitly, and starting to rebuild packages against them. > > That way, within Debian, it is not possible to build a package > that is simultaneously linked against libssl0.9.6 and libssl0.9.7. > > That is what libpkg-guide documents. Will you please just quit with the foolish claims? Even if packages build-depend on a specific library version a running process can end up being linked against two versions of a library. Here we go, again: At time X libssl0.9.6-dev is in Debian. At time X ssh is built against libssl0.9.6-dev. At time Y libssl0.9.7-dev is uploaded to Debian. At time Y libldap2 is built against libssl0.9.7-dev. At time Z a user installs libssl0.9.6, libssl0.9.7, ssh, libldap2 and libpam-ldap, all of which are in Debian and all of which can be installed without any problems with dependencies. At time Z the ssh process will end up linked (AT RUNTIME) to both libssl0.9.6 *AND* libssl0.9.7. ssh will end up segfaulting because of this. *Please* tell me you see and understand the problem. I'm really getting tired of having to explain it to you over and over again. Stephen
Attachment:
pgppnVAJpKYFZ.pgp
Description: PGP signature