Re: Openssl 1.0.0

2011-04-06 Thread Kurt Roeckx
On Wed, Apr 06, 2011 at 12:45:03AM +0200, Julien Cristau wrote:
> On Sun, Feb 13, 2011 at 00:27:51 +0100, Kurt Roeckx wrote:
>
> > Hi,
> >
> > I would like to upload version 1.0.0(d) to unstable soon.  It
> > changes soname, but as far as I know the API is still compatible
> > with the old one, and you should be able to rebuild everything
> > against the new version.
> >
> So this is started now.  Most packages should be fine because we keep
> libssl0.9.8 around for a while.  However, the udeb needed for openssh is
> going away, which means we'd need to migrate openssl, openssl098 and
> openssh together to testing.  That might not work out because of
> #612607, which Colin says nobody knows how to fix yet.
>
> I can see two ways out.  One is ignoring the bug and getting the new
> openssh in testing anyway.  The other is to force libcrypto0.9.8-udeb to
> stay in testing for now.  Please pick one (or an alternative I'm not
> thinking of). :)

Or re-introduce libcrypto0.9.8-udeb as part of the openssl098
source package.


Kurt


-- 
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110406071054.ga20...@roeckx.be



Re: Openssl 1.0.0

2011-04-05 Thread Julien Cristau
On Sun, Feb 13, 2011 at 00:27:51 +0100, Kurt Roeckx wrote:

> Hi,
>
> I would like to upload version 1.0.0(d) to unstable soon.  It
> changes soname, but as far as I know the API is still compatible
> with the old one, and you should be able to rebuild everything
> against the new version.

So this is started now.  Most packages should be fine because we keep
libssl0.9.8 around for a while.  However, the udeb needed for openssh is
going away, which means we'd need to migrate openssl, openssl098 and
openssh together to testing.  That might not work out because of
#612607, which Colin says nobody knows how to fix yet.

I can see two ways out.  One is ignoring the bug and getting the new
openssh in testing anyway.  The other is to force libcrypto0.9.8-udeb to
stay in testing for now.  Please pick one (or an alternative I'm not
thinking of). :)

Cheers,
Julien





Re: Openssl 1.0.0

2011-04-04 Thread Kurt Roeckx
On Mon, Apr 04, 2011 at 01:42:20PM +0900, Nobuhiro Iwamatsu wrote:
> Hi,
>
> I confirm that some packages still use SSLv2[1][2].
> I suggest that we do binNMU about openssl 1.0.

I'm sure we'll do binNMUs soon.  But I think the release
team might want to wait until 1.0.0 has reached testing.


Kurt





Re: Openssl 1.0.0

2011-04-03 Thread Nobuhiro Iwamatsu
Hi,

2011/3/9 Kurt Roeckx k...@roeckx.be:
> On Tue, Mar 08, 2011 at 11:11:15PM +0100, Jakub Wilk wrote:
> > * Kurt Roeckx k...@roeckx.be, 2011-02-13, 00:27:
> > > I would like to upload version 1.0.0(d) to unstable soon. It
> > > changes soname, but as far as I know the API is still compatible
> > > with the old one, and you should be able to rebuild everything
> > > against the new version.
> >
> > Support for SSLv2 has been disabled in openssl 1.0.0c-2. We have a
> > few dozens of packages in the archive that are not prepared for
> > this: when rebuilt, they will either FTBFS or, worse, produce shared
> > libraries with missing symbols.
>
> We really should stop using SSLv2.  It was either making the
> functions related to ssl 2 do nothing, and potentially silently
> breaking the applications, or just removing the related function
> from the API and trying to make sure they fail on build and
> hopefully catch most of the problems like that.
>
> I think I'll also change some of the header files so that no v2
> related things are defined or declared, since the define for it
> doesn't seem to be used correctly everywhere.


I confirm that some packages still use SSLv2[1][2].
I suggest that we do binNMU about openssl 1.0.

[1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620776
[2]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620777

Best regards,
  Nobuhiro
-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6





Re: Openssl 1.0.0

2011-03-18 Thread Kurt Roeckx
Hi,

I'm still waiting for a reply to my questions.  If I don't hear
from you I will upload it to unstable a week from now.


Kurt


On Sun, Mar 06, 2011 at 03:07:47PM +0100, Kurt Roeckx wrote:
> Hi,
>
> I'm still waiting for a reply.
>
>
> Kurt
>
> On Sun, Feb 13, 2011 at 12:27:51AM +0100, Kurt Roeckx wrote:
> > Hi,
> >
> > I would like to upload version 1.0.0(d) to unstable soon.  It
> > changes soname, but as far as I know the API is still compatible
> > with the old one, and you should be able to rebuild everything
> > against the new version.
> >
> > I wonder if I need to upload an openssl098 source package at
> > the same time to provide the current soname.  I would really
> > like to avoid having the old soname in wheezy, so I would like
> > to get rid of it as soon as possible and don't plan to keep
> > a -dev package for it in any case.
> >
> > Please let me know what I should do, and when you think it's
> > a good time to do that.
> >
> >
> > Kurt



Re: Openssl 1.0.0

2011-03-18 Thread Julien Cristau
On Sun, Feb 13, 2011 at 00:27:51 +0100, Kurt Roeckx wrote:

> Hi,
>
> I would like to upload version 1.0.0(d) to unstable soon.  It
> changes soname, but as far as I know the API is still compatible
> with the old one, and you should be able to rebuild everything
> against the new version.
>
> I wonder if I need to upload an openssl098 source package at
> the same time to provide the current soname.  I would really
> like to avoid having the old soname in wheezy, so I would like
> to get rid of it as soon as possible and don't plan to keep
> a -dev package for it in any case.

We should keep both SONAMES in sid and wheezy for now, IMO.  So I think
that means first upload openssl 1.0.0 as a new source package without
the -dev (this can probably happen now).  Then when that's in testing
and you get an ack, switch the -dev from 0.9.8 to 1.0.0.

> Please let me know what I should do, and when you think it's
> a good time to do that.

We'll let you know.  Thanks for your patience.

Cheers,
Julien





Re: Openssl 1.0.0

2011-03-18 Thread Kurt Roeckx
On Fri, Mar 18, 2011 at 09:30:23PM +0100, Julien Cristau wrote:
> We should keep both SONAMES in sid and wheezy for now, IMO.  So I think
> that means first upload openssl 1.0.0 as a new source package without
> the -dev (this can probably happen now).  Then when that's in testing
> and you get an ack, switch the -dev from 0.9.8 to 1.0.0.

If all you want to do is to have both libssl0.9.8 and libssl1.0.0
in testing at the same time, I don't see why you want to do
it like that.  I could just upload an openssl098 source package
just containing libssl0.9.8(-dbg), and have the openssl source
package provide libssl1.0.0 and libssl-dev.  It shouldn't take
that long for the openssl098 package to migrate to testing.

I could also upload an openssl098 source package that provides
the libssl0.9.8(-dbg) and libssl-dev binary package.  And I would
upload an openssl source package that provides libssl1.0.0(-dbg),
openssl, and libcrypto1.0.0-udeb, so without -dev package.  And
once openssl098 is migrated to testing I could change the -dev
package.  But it seems to be more work, and I don't see what
that would gain us.


Kurt





Re: Openssl 1.0.0

2011-03-08 Thread Kurt Roeckx
On Tue, Mar 08, 2011 at 11:11:15PM +0100, Jakub Wilk wrote:
> * Kurt Roeckx k...@roeckx.be, 2011-02-13, 00:27:
> > I would like to upload version 1.0.0(d) to unstable soon. It
> > changes soname, but as far as I know the API is still compatible
> > with the old one, and you should be able to rebuild everything
> > against the new version.
>
> Support for SSLv2 has been disabled in openssl 1.0.0c-2. We have a
> few dozens of packages in the archive that are not prepared for
> this: when rebuilt, they will either FTBFS or, worse, produce shared
> libraries with missing symbols.

We really should stop using SSLv2.  It was either making the
functions related to ssl 2 do nothing, and potentially silently
breaking the applications, or just removing the related function
from the API and trying to make sure they fail on build and
hopefully catch most of the problems like that.

I think I'll also change some of the header files so that no v2
related things are defined or declared, since the define for it
doesn't seem to be used correctly everywhere.


Kurt





Re: Openssl 1.0.0

2011-03-08 Thread Jakub Wilk

* Kurt Roeckx k...@roeckx.be, 2011-02-13, 00:27:
> I would like to upload version 1.0.0(d) to unstable soon. It changes
> soname, but as far as I know the API is still compatible with the old
> one, and you should be able to rebuild everything against the new
> version.


Support for SSLv2 has been disabled in openssl 1.0.0c-2. We have a few 
dozens of packages in the archive that are not prepared for this: when 
rebuilt, they will either FTBFS or, worse, produce shared libraries with 
missing symbols.


--
Jakub Wilk
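
The "shared libraries with missing symbols" outcome described in this thread can be checked after a rebuild by looking at which dynamic symbols each file imports. The following is an added example, not code from the thread or from Debian: it parses constructed `nm -A -D` output (paths and sample lines are made up) and reports files that still import the SSLv2 method constructors, matching names exactly so that the version-flexible `SSLv23_*` methods are not flagged.

```python
"""Added example: find rebuilt binaries that still import SSLv2 entry points."""
from collections import defaultdict

# SSLv2 method constructors present in OpenSSL 0.9.8. The thread says the
# SSLv2 functions were removed from the API, so an import of any of these
# cannot be resolved against the new library.
SSLV2_SYMBOLS = frozenset(
    {"SSLv2_method", "SSLv2_client_method", "SSLv2_server_method"}
)
# nm type letters for symbols a file needs but does not define itself.
UNDEFINED_TYPES = frozenset("Uwv")

# Constructed sample of `nm -A -D` output; the paths and addresses are made up.
SAMPLE_NM_OUTPUT = """\
usr/lib/libexample-tls.so.1:                 U SSL_CTX_new
usr/lib/libexample-tls.so.1:                 U SSLv2_client_method
usr/lib/libexample-tls.so.1:                 U SSLv23_client_method
usr/lib/libexample-tls.so.1: 0000000000004a10 T example_connect
usr/bin/example-fetch:                 U SSLv3_client_method@OPENSSL_1.0.0
usr/bin/example-fetch:                 w __gmon_start__
usr/lib/libexample-legacy.so.0:                 U SSLv2_method@OPENSSL_0.9.8
usr/lib/libexample-legacy.so.0:                 U SSLv2_server_method
usr/lib/libssl.so.0.9.8: 0000000000031c40 T SSLv2_method
"""


def find_sslv2_refs(nm_output):
    """Map each file to the sorted SSLv2 symbols it imports but does not define."""
    hits = defaultdict(set)
    for line in nm_output.splitlines():
        # `nm -A` prefixes every line with "<file>:"; split on the last colon
        # so that paths containing ':' are kept whole.
        path, sep, rest = line.rpartition(":")
        fields = rest.split()
        if not sep or len(fields) not in (2, 3):
            continue  # not a symbol line
        sym_type, symbol = fields[-2], fields[-1]
        name = symbol.split("@", 1)[0]  # drop a symbol-version suffix
        if sym_type in UNDEFINED_TYPES and name in SSLV2_SYMBOLS:
            hits[path].add(name)
    return {path: sorted(names) for path, names in hits.items()}


if __name__ == "__main__":
    for path, names in find_sslv2_refs(SAMPLE_NM_OUTPUT).items():
        print(f"{path}: {', '.join(names)}")
```
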

