On Mon, Mar 21, 2016 at 20:20:22 +0000, Chris Knadle wrote: > Julien Cristau: > > On Sun, Mar 20, 2016 at 01:55:55 +0000, Chris Knadle wrote: > > > >> Emilio Pozuelo Monfort: > >>> On 19/03/16 19:23, Chris Knadle wrote: > >>>> Greetings. > >>>> > >>>> Executive summary: > >>>> I'd like to know if there is metadata that can be added to the Qt4 and > >>>> Qt5 > >>>> packages (qt4-x11 and qtbase-opensource-src) which will indicate that > >>>> they > >>>> need to be binNMUed for OpenSSL transitions at nearly the same time that > >>>> Mumble gets binNMUed. > >> [...] > >>>> Is this possible? > >>> > >>> There's no way to express that kind of relationship. Not unless you get > >>> into > >>> complex territory which isn't really worth it in this case. Normally > >>> binNMUs > >>> are scheduled at the same time, so in theory this shouldn't be such a big > >>> issue. And it would only affect unstable users, only for a short amount of > >>> time. > >> > >> Ehhh... okay. The last OpenSSL binNMU had an 11-day difference between > >> Mumble getting rebuilt and qt4-x11 being rebuilt in Sid. That's a short > >> time in release terms, but a long time in terms of users finding Mumble > >> broken and waiting for it to be fixed. > >> > >> Either way I have my answer. Thank you very much. > >> > > What would it take to fix qt to properly link with libssl? > > There's an -openssl-linked ./configure option for building Qt with: > > https://doc.qt.io/qt-4.8/ssl.html > > However it's thought that the -openssl-linked option isn't viable due to > licensing concerns that would result: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#147 > I don't think dlopen(libssl) vs gcc -lssl makes any difference licensing-wise, I suspect either they're both ok or they're both not ok...
Cheers, Julien