Re: Qt and OpenSSL transition metadata in relation to Mumble package

To: Julien Cristau <jcristau@debian.org>
Cc: Emilio Pozuelo Monfort <pochu@debian.org>, debian-release@lists.debian.org
Subject: Re: Qt and OpenSSL transition metadata in relation to Mumble package
From: Chris Knadle <Chris.Knadle@coredump.us>
Date: Mon, 21 Mar 2016 21:52:29 +0000
Message-id: <[🔎] 56F06D1D.9090002@coredump.us>
In-reply-to: <[🔎] 20160321212043.GD6200@betterave.cristau.org>
References: <[🔎] 56ED990A.7080703@coredump.us> <[🔎] 56EDE776.8000808@debian.org> <[🔎] 56EE032B.8060901@coredump.us> <[🔎] 20160321190654.GA6200@betterave.cristau.org> <[🔎] 56F05786.3080304@coredump.us> <[🔎] 20160321212043.GD6200@betterave.cristau.org>

Julien Cristau:
> On Mon, Mar 21, 2016 at 20:20:22 +0000, Chris Knadle wrote:
> 
>> Julien Cristau:
>>> On Sun, Mar 20, 2016 at 01:55:55 +0000, Chris Knadle wrote:
>>>
>>>> Emilio Pozuelo Monfort:
>>>>> On 19/03/16 19:23, Chris Knadle wrote:
>>>>>> Greetings.
>>>>>>
>>>>>> Executive summary:
>>>>>> I'd like to know if there is metadata that can be added to the Qt4 and Qt5
>>>>>> packages (qt4-x11 and qtbase-opensource-src) which will indicate that they
>>>>>> need to be binNMUed for OpenSSL transitions at nearly the same time that
>>>>>> Mumble gets binNMUed.
>>>> [...]
>>>>>> Is this possible?
>>>>>
>>>>> There's no way to express that kind of relationship. Not unless you get into
>>>>> complex territory which isn't really worth it in this case. Normally binNMUs
>>>>> are scheduled at the same time, so in theory this shouldn't be such a big
>>>>> issue. And it would only affect unstable users, only for a short amount of
>>>>> time.
>>>>
>>>> Ehhh... okay.  The last OpenSSL binNMU had an 11-day difference between
>>>> Mumble getting rebuilt and qt4-x11 being rebuilt in Sid.  That's a short
>>>> time in release terms, but a long time in terms of users finding Mumble
>>>> broken and waiting for it to be fixed.
>>>>
>>>> Either way I have my answer.  Thank you very much.
>>>>
>>> What would it take to fix qt to properly link with libssl?
>>
>> There's an -openssl-linked ./configure option for building Qt with:
>>
>>    https://doc.qt.io/qt-4.8/ssl.html
>>
>> However it's thought that the -openssl-linked option isn't viable due to
>> licensing concerns that would result:
>>
>>    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#147
>>
> I don't think dlopen(libssl) vs gcc -lssl makes any difference
> licensing-wise, I suspect either they're both ok or they're both not
> ok...
> 
> Cheers,
> Julien

I could try to talk to the maintainers of the Qt packages to see if they
know if using -openssl-linked is possible... I've been wanting to talk to
them about this for a while anyway.

   -- Chris

-- 
Chris Knadle
Chris.Knadle@coredump.us

Reply to:

References:
- Qt and OpenSSL transition metadata in relation to Mumble package
  - From: Chris Knadle <Chris.Knadle@coredump.us>
- Re: Qt and OpenSSL transition metadata in relation to Mumble package
  - From: Emilio Pozuelo Monfort <pochu@debian.org>
- Re: Qt and OpenSSL transition metadata in relation to Mumble package
  - From: Chris Knadle <Chris.Knadle@coredump.us>
- Re: Qt and OpenSSL transition metadata in relation to Mumble package
  - From: Julien Cristau <jcristau@debian.org>
- Re: Qt and OpenSSL transition metadata in relation to Mumble package
  - From: Chris Knadle <Chris.Knadle@coredump.us>
- Re: Qt and OpenSSL transition metadata in relation to Mumble package
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Re: Qt and OpenSSL transition metadata in relation to Mumble package
Next by Date: Bug#797906: jessie-pu: package dolibarr/3.5.5+dfsg1-2
Previous by thread: Re: Qt and OpenSSL transition metadata in relation to Mumble package
Next by thread: Re: Qt and OpenSSL transition metadata in relation to Mumble package
Index(es):
- Date
- Thread