Bug#760473: Further analysis and a patch

To: Lennart Weller <lhw@ring0.de>, 760473@bugs.debian.org
Subject: Bug#760473: Further analysis and a patch
From: Julian Andres Klode <jak@debian.org>
Date: Tue, 18 Aug 2015 10:12:42 +0200
Message-id: <[🔎] 20150818100320.GA18500@debian.org>
Mail-followup-to: Julian Andres Klode <jak@debian.org>, Lennart Weller <lhw@ring0.de>, 760473@bugs.debian.org
Reply-to: Julian Andres Klode <jak@debian.org>, 760473@bugs.debian.org
In-reply-to: <[🔎] acf45990250300794906fe2af71c7930@rainloop>
References: <[🔎] 20150811175008.GA13304@crossbow> <20150130100108.GA31539@bfw-online.de> <[🔎] acf45990250300794906fe2af71c7930@rainloop>

On Tue, Aug 18, 2015 at 07:17:56AM +0000, Lennart Weller wrote:
> August 11 2015 7:54 PM, "David Kalnischkies" <david@kalnischkies.de> wrote:
> > apt does not link indirectly to libnettle nor to libcurl-gnutls. The
> > optinal apt-transport-https does. That is a big difference for
> > bootstrappers as it means they can ignore -https for the time being
> > until the base system is up and running and can then be used to build
> > "proper" packages.
> 
> I was indeed wrong about that assumption. wget on the other hand, which is
> marked important and part of the base system, is linked against libnettle.
> So the library will most likely exist on all but the most minimal systems
> on which the base system is not defined by the debian policy.

It's nice that wget does that, they're free to do whatever they want. And
we are free to decide what we want to link against.

> 
> > So, big thanks for the patch, but I have to pull the marker as we can't
> > apply it as is. What could be done maybe is dlopen libnettle (and/or
> > others if available) and use them and otherwise fallback to our own
> > slower but always available code. We could then Recommends libnettle and
> > make everyone happy, I guess… just, libnettle seems to be a bit too
> > unstable in its ABI, which is another problem with this patch ATM as
> > every ABI break in nettle means we are required to make one in
> > libapt-pkg, too, entangling use in their transition…
> > Caused by e.g. SHA256Summation having a struct sha256_ctx member, which
> > could have a size change in a newer libnettle abi, so the size of
> > SHA256Summation would change, too (that could be avoided through via the
> > use of a d-pointer).
> 
> I get your point but the wget authors did consider it to be stable enough to
> include it in their software. I might have a look at rewriting the patch
> as a dynamically linked version. In which case I could also add openssl,
> which is also part of the base system, as second fall-back.

You seem to be confused:

(1) wget is not a library, so ABI stability does not matter for it. We
    would need a library transition every time nettle has one, and we
    don't want that.

(2) APT cannot link to OpenSSL, as the OpenSSL license is incompatible
    to the GPL.

Also, the existing code works and is reasonably fast, so replacing
it is IMHO not a good idea. If we can reach 30 or 23 MB/s does
not really matter, there is no reasonable gain here (1 GB takes
33 seconds at 30 MB/s, or 44 seconds at 23 MB/s, and updates
are usually *much* smaller).

So don't waste your time, we're not going to merge any patch adding
a dependency.

-- 
Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.

Be friendly, do not top-post, and follow RFC 1855 "Netiquette".
    - If you don't I might ignore you.

Reply to:

References:
- Bug#760473: Further analysis and a patch
  - From: David Kalnischkies <david@kalnischkies.de>
- Bug#760473: Further analysis and a patch
  - From: "Lennart Weller" <lennart@lennartweller.de>

Prev by Date: Bug#760473: Further analysis and a patch
Next by Date: Bug#760473: marked as done (apt method http uses 100% cpu with high transfer rate)
Previous by thread: Bug#760473: Further analysis and a patch
Next by thread: Bug#416963: marked as done (should use "min" rather than "m" for referring to minutes)
Index(es):
- Date
- Thread