On giovedì 4 gennaio 2018 15:03:38 CET Eric Valette wrote: > On 01/04/2018 02:25 PM, Pino Toscano wrote: > > On giovedì 4 gennaio 2018 14:17:59 CET Eric Valette wrote: > >>> this is a duplicate of bug #850888, since the dependency in the -dev > >>> package depends on which libssl was used for the build. When > >>> kdelibs4support is ported to libssl1.1, then the dependency in the -dev > >>> package will be updated. > >> But if the kdelibs4supportpackage was build using libsll1.0-dev, then > >> some kdelibs4support generated packages should depend on libsll1.0.0 > >> which is not the case. > > > > kdelibs4support is built against libssl1.0. There are few publich > > headers of it that include libssl headers, so that warrants the > > dependency in the -dev package -- but they are not used a lot, so it > > will not cause a dependency on that on the majority (if not all) of > > packages that build using kdelibs4support (also almost all the > > kde-related packages are built using --as-needed). > > > > So, what you said is not true, and partially does not make any sense. > > Sorry to be stupid but: > > If I understand, the include exported libkf5kdelibs4support-dev by > require the sll headers because some of them are included but are not > used by the packages itself. Right? No, there are parts of kdelibs4support that use OpenSSL, but because of its obnoxious license then it is not common for code using OpenSSL to link directly to it. > But then other packages build using kdelibs4supportpackage-dev should > then depend on libsll1.0.0 if they really use the headers requiring ssl > includes and sll API and not only macros As I wrote above, the usage of the SSL-using parts in kdelibs4support is not common; indeed, if anything links to kdelibs4support and uses those parts, then it must use libssl1.0-dev (same as kdelibs4support to avoid API mismatches), which is a dependency in our -dev. > which is not the case as shown via apt-rdepends in original report. There is no such "libssl1.0.0" in Debian, so you indeed get almost no packages depending on it. The library for libssl1.0-dev is libssl1.0.2, and you can verify there are still many packages depending on it. -- Pino Toscano
Attachment:
signature.asc
Description: This is a digitally signed message part.