On Mon, Nov 21, 2016 at 01:03:19AM +0400, Stepan Golosunov wrote:
> So far I do not know why using libssl1.1 together with a
> libssl1.0.2-using Qt wouldn't work.
Well I don't know enough about the dynamic linker and about the internals
of openssl to know if (indirectly) linking to both libraries at the same
time is fine.
If it was, that would be great news. Many mails in the thread "OpenSSL
1.1.0" on debian-devel seem to be based on the assumption that such
linking could cause bugs, and therefore packages can only transition in
clusters of packages linking to the same version of openssl.
Still, qt is only an example - the same holds true for other libraries
linking to openssl1.0-dev. There may be cases where your 2nd case
('Application passes OpenSSL objects from libssl1.1 to ...') is more
probable than with qt.
The safest way to avoid hidden bugs would still be changing SONAME and
package name, so package maintainers would be aware of the change and
could check their packages for compatibility.
But yes, it may be less work to somehow identify affected packages and
handle them directly instead of forcing all packages depending on curl
through a transition. Identifying those packages in a reliable way could
be difficult, though.
Jan
