Bug#521433: ITP: globus-openssl -- Globus Toolkit - Openssl Library and Programs

[Steffen Moeller <steffen_moeller@gmx.de>]

Hello,

Mattias Ellert wrote:
> Simon Josefsson <simon@josefsson.org>:
>> What does this mean? Is globus-openssl a fork of openssl, or some kind
>> of meta-package that depends on openssl? I recall globus using a
>> highly patched openssl in the past, have this been resolved?
[...]
> However, since globus uses gpt to build its libraries it needs gpt
> metadata about the openssl library to fulfil its build dependencies.
> This package only provides this metadata about the system version of the
> openssl library.
> 
> If you look in the source tarball for this package you see a single XML
> file and nothing else.

I would like to throw in the comment that a package with only a single XML file in it
might look strange at first. Though it is a tremendous gain that Mattias has achieved (all
patches communicated back to and accepted by upstream) that allowed for the
substitution of the old-rather-problematic-globus-openssl version with Debian's regular
openssl.  The "close to empty" package preserves the compatibility with software that (by
name) depends on globus-openssl but now get Debian-openssl, instead. It was this effort
and a comparable one for globus-ldap that rendered the packaging of Globus free of
licensing conflicts and hence a tangible possibility.

Steffen