Bug#827061: Please commit to OpenSSL 1.0.2 in stretch now not constantly re-evaluateing

[Sam Hartman <hartmans@debian.org>]

>>>>> "Sebastian" == Sebastian Andrzej Siewior <sebastian@breakpoint.cc> writes:

    Sebastian> On 2016-10-31 11:16:38 [-0400], Sam Hartman wrote:
    >> At least one of the clusters of packages I'm involved
    >> in--shibboleth and moonshot will require some real upstream
    >> porting effort.  That's under way in a time scale that will work
    >> for buster, but is very unlikely to meet the stretch freeze
    >> timeline.

    Sebastian> Do you want me to look into moonshot-gss-eap? The other
    Sebastian> moonshot-* package with the RC bug won't be part of
    Sebastian> current testing. I didn't find anything that matches
    Sebastian> shibboleth.

Hi.
I'm really sorry I didn't get a chance to respond earlier. I was
traveling.
Shibboleth comprises opensaml, xmltooling, heavily depends on
xml-security-c and shibboleth-sp2.
Ferenc Wágner (copied) has been handling the Shibboleth packaging and
has an understanding of where the upstream efforts are.  There's been
discussion on pkg-shibboleth-dev@lists.alioth.debian.org.
The area that I tdon't think anyone has examined in the moonshot cluster
is libradsec, which also depends on libevent fairly heavily.