Your message dated Mon, 06 Jul 2026 15:04:36 -0400
with message-id <[email protected]>
and subject line Re: Bug#1140558: Clarify openssl vs nettle usage in Debian
has caused the Debian Bug report #1140558,
regarding Clarify openssl vs nettle usage in Debian
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1140558: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140558
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sq
Version: 1.3.1-10
Severity: important
X-Debbugs-Cc: [email protected]

Hi,

while researching sq on various operating systems, I've noticed that 
various other distros use the OpenSSL backend, while Debian's sq 
uses the nettle backend.

That seemed fine, however debcargo.toml also claims some openssl 
dependency:

https://sources.debian.org/src/rust-sequoia-sq/1.3.1-10/debian/debcargo.toml#L16

  [packages.bin]
  multi_arch = "foreign"
  depends = [ "openssl" ]

That left me wondering if Debian's sq was meant to use openssl 
instead of nettle.

Please clarify which backend was intended to be used.

Thanks,
Chris


PS: currently, ldd /usr/bin/sq shows:
        linux-vdso.so.1 (0x0000ffff9d7fb000)
        libsqlite3.so.0 => /usr/lib/aarch64-linux-gnu/libsqlite3.so.0 
(0x0000ffff9c1a0000)
        libnettle.so.8 => /usr/lib/aarch64-linux-gnu/libnettle.so.8 
(0x0000ffff9c130000)
        libhogweed.so.6 => /usr/lib/aarch64-linux-gnu/libhogweed.so.6 
(0x0000ffff9c0c0000)
        libgmp.so.10 => /usr/lib/aarch64-linux-gnu/libgmp.so.10 
(0x0000ffff9c010000)
        libgcc_s.so.1 => /usr/lib/aarch64-linux-gnu/libgcc_s.so.1 
(0x0000ffff9bfd0000)
        libm.so.6 => /usr/lib/aarch64-linux-gnu/libm.so.6 (0x0000ffff9bf10000)
        libc.so.6 => /usr/lib/aarch64-linux-gnu/libc.so.6 (0x0000ffff9bd50000)
        /lib/ld-linux-aarch64.so.1 (0x0000ffff9d7b0000)

--- End Message ---
--- Begin Message ---
Version: 1.3.1-11

On Mon 2026-06-22 19:16:36 +0200, Chris Hofstädtler wrote:
> while researching sq on various operating systems, I've noticed that 
> various other distros use the OpenSSL backend, while Debian's sq 
> uses the nettle backend.

Debian has been shipping sequoia tooling since before there was an
openssl backend.  Nettle is a solid cryptographic library, one with
significantly better ergonomics than OpenSSL's complex API surface.

nettle also happens to be sequoia's default cryptographic backend.

> That seemed fine, however debcargo.toml also claims some openssl 
> dependency:
>
> https://sources.debian.org/src/rust-sequoia-sq/1.3.1-10/debian/debcargo.toml#L16
>
>   [packages.bin]
>   multi_arch = "foreign"
>   depends = [ "openssl" ]

This was fixed by Alexander Kjall in 1.3.1-11.  Thanks for catching it,
Chris!

> That left me wondering if Debian's sq was meant to use openssl 
> instead of nettle.

I think we should stick to nettle unless there is some compelling and
explicit reason to switch cryptographic backends.

         --dkg

Attachment: signature.asc
Description: PGP signature


--- End Message ---

Reply via email to