Bug#748535: marked as done (transition: gnutls28)

To: Jonathan Wiltshire <jmw@debian.org>
Subject: Bug#748535: marked as done (transition: gnutls28)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sat, 01 Nov 2014 10:18:11 +0000
Message-id: <[🔎] handler.748535.D748535.141483689622381.ackdone@bugs.debian.org>
References: <20141101101451.GC9785@lupin.home.powdarrmonkey.net> <20140518065253.GA2360@downhill.g.la>

Your message dated Sat, 1 Nov 2014 10:14:51 +0000
with message-id <20141101101451.GC9785@lupin.home.powdarrmonkey.net>
and subject line Re: Bug#748535: transition: gnutls28
has caused the Debian Bug report #748535,
regarding transition: gnutls28
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
748535: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748535
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: transition: gnutls28
From: Andreas Metzler <ametzler@bebt.de>
Date: Sun, 18 May 2014 08:52:53 +0200
Message-id: <20140518065253.GA2360@downhill.g.la>
In-reply-to: <20140421144153.GB2866@downhill.g.la>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: transition

Hello,

I would like to ship jessie without GnuTLS 2.x (gnutls26) as it is
dead upstream and _old_. The last upstream release was in February
2013, marking the end of a multi-year series of bugfix-only releases.

Transitioning to GnuTLS 3.x is possible nowadays because GMP has
switched to LGPLv3+/GPLv2+.

Relevant bugs (as reported so far) are usertagged
<https://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=gnutls3;users=ametzler@debian.org>.

The newer gnutls version is mostly API compatible, only a handful
(less than 5) packages showed build-breakage due to removed functions
in my test. (Sadly openldap is one of the candidates (ITS#7430 aka
ITS#6359).

Almost all breakage is due to gnutls switching from gcrypt to nettle,
breaking the assumption the -lgcrypt works if -lgnutls does. While
there is a obvious solution to this problem (Package: libgnutls-dev /
Depends: libgnutls28-dev, libgcrypt20-dev | libgcrypt11-dev) it is
probably not the right one to actually ship.

Most of this gcrypt usage superfluous, only adapting gcrypt behavior
on the assumption that it is used by gnutls. Of the rest, a big part
is only using and handful of gcrypt functions (typicall md5 or sha1)
and would do well with doing this with the GnuTLS crypto API instead
of adding another dependency.

I am not sure how to go about this I am looking at packages one at a
time. Perhaps it would be better to do a big move like this:
#1 Let libgnutls-dev depend on libgnutls28-dev, libgcrypt20-dev |
   libgcrypt11-dev.
#2 Rebuild everything, transition to testing.
#3 Get rid of unnecessary gcrypt usage one at a time, add
   libgcrypt20-dev dependency where really necessary
#4 Drop libgnutls-dev's dependency on gcrypt.

While this looks good, I expect there will be some
#2a Some packages break, they build successfully but break at runtime

cu Andreas

Ben file:

title = "gnutls28";
is_affected = .depends ~ "libgnutls26" | .depends ~ "libgnutls-dev" | .depends ~ "libgnutlsxx27" | .depends ~ "libgnutls28" | .depends ~ "libgnutls28-dev" | .depends ~ "libgnutlsxx28";
is_good = .depends ~ "libgnutls28" | .depends ~ "libgnutls28-dev" | .depends ~ "libgnutlsxx28";
is_bad = .depends ~ "libgnutls26" | .depends ~ "libgnutls-dev" | .depends ~ "libgnutlsxx27";


-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

Attachment: signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

To: Andreas Metzler <ametzler@bebt.de>, 748535-done@bugs.debian.org

Subject: Re: Bug#748535: transition: gnutls28

From: Jonathan Wiltshire <jmw@debian.org>

Date: Sat, 1 Nov 2014 10:14:51 +0000

Message-id: <20141101101451.GC9785@lupin.home.powdarrmonkey.net>

In-reply-to: <20140518065253.GA2360@downhill.g.la>

References: <20140421144153.GB2866@downhill.g.la> <20140518065253.GA2360@downhill.g.la>
On Sun, May 18, 2014 at 08:52:53AM +0200, Andreas Metzler wrote:
> I would like to ship jessie without GnuTLS 2.x (gnutls26) as it is
> dead upstream and _old_. The last upstream release was in February
> 2013, marking the end of a multi-year series of bugfix-only releases.

gnutls26 left Jessie this morning, and gnutls28 successfully migrated.

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
Attachment: signature.asc
Description: Digital signature

--- End Message ---

Reply to:

Prev by Date: Bug#767587: please prevent auto-removal of mysql-workbench from "testing"
Next by Date: Bug#757575: marked as done (transition: libgcrypt20)
Previous by thread: Bug#767587: marked as done (please prevent auto-removal of mysql-workbench from "testing")
Next by thread: Bug#757575: marked as done (transition: libgcrypt20)
Index(es):
- Date
- Thread