Re: Qt and OpenSSL transition metadata in relation to Mumble package
On Mon, Mar 21, 2016 at 20:20:22 +0000, Chris Knadle wrote:
> Julien Cristau:
> > On Sun, Mar 20, 2016 at 01:55:55 +0000, Chris Knadle wrote:
> >
> >> Emilio Pozuelo Monfort:
> >>> On 19/03/16 19:23, Chris Knadle wrote:
> >>>> Greetings.
> >>>>
> >>>> Executive summary:
> >>>> I'd like to know if there is metadata that can be added to the Qt4 and Qt5
> >>>> packages (qt4-x11 and qtbase-opensource-src) which will indicate that they
> >>>> need to be binNMUed for OpenSSL transitions at nearly the same time that
> >>>> Mumble gets binNMUed.
> >> [...]
> >>>> Is this possible?
> >>>
> >>> There's no way to express that kind of relationship. Not unless you get into
> >>> complex territory which isn't really worth it in this case. Normally binNMUs
> >>> are scheduled at the same time, so in theory this shouldn't be such a big
> >>> issue. And it would only affect unstable users, only for a short amount of
> >>> time.
> >>
> >> Ehhh... okay. The last OpenSSL binNMU had an 11-day difference between
> >> Mumble getting rebuilt and qt4-x11 being rebuilt in Sid. That's a short
> >> time in release terms, but a long time in terms of users finding Mumble
> >> broken and waiting for it to be fixed.
> >>
> >> Either way I have my answer. Thank you very much.
> >>
> > What would it take to fix qt to properly link with libssl?
>
> There's an -openssl-linked ./configure option for building Qt with:
>
> https://doc.qt.io/qt-4.8/ssl.html
>
> However it's thought that the -openssl-linked option isn't viable due to
> licensing concerns that would result:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#147
>
I don't think dlopen(libssl) vs gcc -lssl makes any difference
licensing-wise, I suspect either they're both ok or they're both not
ok...
Cheers,
Julien
Reply to: