>>>>> "Steve" == Steve Langasek <steve.langa...@canonical.com> writes: Steve> I've therefore prepared and uploaded the attached patch to Steve> mantic, which implements your option 1. I note you only Steve> mentioned adding Breaks: against older libk5crypto3; a scan Steve> of the binary packages showed many other reverse-dependencies Steve> of libkrb5support0 using strlcpy and strlcat, so rather than Steve> trusting that a Breaks: of libk5crypto3 would be enough to Steve> force the upgrade together, I added explicit Breaks: against Steve> all of these other packages.
I've applied your patch, adjusting the version number for the breaks for Debian. Including the strict binary dependency in symbols was clever, I would not have thought of that. I do think that breaking libk5crypto3 would have gotten many of the other libraries transitively (as an example krb5-user depends strictly on libkrb5-3, and libkrb5-3 has depended on the exact version of libkrb5support0 for a while. But your patch is more conservative, and that is best in this instance. Thanks very much for your contribution.