[Bug 1822069] Re: SRU: Shibboleth SPv3 for bionic

Etienne Dysli Metref Mon, 08 Apr 2019 03:01:58 -0700

Hi Robie,

Thank you for taking the time to review this SRU. I've considered the
use cases of Shibboleth packages and searched for reverse dependencies
and here is what I can say.


All five source packages are maintained by Shibboleth project developers
as components of the Shibboleth Service Provider. Usage of the libraries
for other purposes is generally not supported.

# log4shib
 -  It's a library, so there are no direct use cases.
 -  This new major version has a new SONAME so it is distinct from the older 
version.
 -  Reverse dependencies: moonshot-gss-eap depends on libshibresolver1 which in 
turn depends on liblog4shib1v5. libshibresolver1 should keep using the current 
liblog4shib1v5 instead of the newer liblog4shib2. I cannot further comment on 
the impact upon Moonshot-related packages, but I can ask their Debian 
maintainer if needed.

    $ reverse-depends -r bionic src:log4shib
    Reverse-Depends
    ===============
    * libsaml9                      (for liblog4shib1v5)
    * libshibresolver1              (for liblog4shib1v5)
    * libshibsp7                    (for liblog4shib1v5)
    * libxmltooling-dev             (for liblog4shib-dev)
    * libxmltooling7                (for liblog4shib1v5)
    * opensaml2-tools               (for liblog4shib1v5)
    * shibboleth-sp2-utils          (for liblog4shib1v5)

# xml-security-c
 -  It's (mostly) a library, so no direct uses cases are expected. A few 
utility programs are shipped in xml-security-c-utils (/usr/bin/xsec-*), however 
these are not used for operating a Shibboleth SP. I don't have data on direct 
uses of these utilities.
 -  This new major version has a new SONAME so it is distinct from the older 
version.
 -  There are no reverse dependencies outside of Shibboleth packages.

    $ reverse-depends -r bionic src:xml-security-c
    Reverse-Depends
    ===============
    * libsaml9                      (for libxml-security-c17v5)
    * libshibsp7                    (for libxml-security-c17v5)
    * libxmltooling-dev             (for libxml-security-c-dev)
    * libxmltooling7                (for libxml-security-c17v5)

# xmltooling
 -  It's a library, so there are no direct use cases.
 -  This new major version has a new SONAME so it is distinct from the older 
version.
 -  Reverse dependencies: moonshot-gss-eap and libshibresolver1 both depend on 
libxmltooling7. The same comment as above applies for Moonshot-related packages.

    $ reverse-depends -r bionic src:xmltooling
    Reverse-Depends
    ===============
    * libapache2-mod-shib2          (for libxmltooling7)
    * libsaml2-dev                  (for libxmltooling-dev)
    * libsaml9                      (for libxmltooling7)
    * libshibresolver1              (for libxmltooling7)
    * libshibsp-dev                 (for libxmltooling-dev)
    * libshibsp-plugins             (for libxmltooling7)
    * libshibsp7                    (for libxmltooling7)
    * libshibsp7                    (for xmltooling-schemas)
    * moonshot-gss-eap              (for libxmltooling7)
    * opensaml2-tools               (for libxmltooling7)
    * shibboleth-sp2-utils          (for libxmltooling7)

# opensaml
 -  It's (mostly) a library, so no direct uses cases are expected. One utility 
program is shipped in opensaml-tools (/usr/bin/samlsign), however it is not 
used for operating a Shibboleth SP. I don't have data on direct uses of this 
utility.
 -  This new major version has a new SONAME so it is distinct from the older 
version.
 -  Reverse dependencies: moonshot-gss-eap and libshibresolver1 both depend on 
libsaml9. The same comment as above applies for Moonshot-related packages.

    $ reverse-depends -r bionic src:opensaml2
    Reverse-Depends
    ===============
    * libshibresolver1              (for libsaml9)
    * libshibsp-dev                 (for libsaml2-dev)
    * libshibsp-plugins             (for libsaml9)
    * libshibsp7                    (for opensaml2-schemas)
    * libshibsp7                    (for libsaml9)
    * moonshot-gss-eap              (for libsaml9)
    * shibboleth-sp2-utils          (for libsaml9)

# shibboleth-sp
 -  Direct use: running a Shibboleth SP. shibd's version 3 is 
backward-compatible with version 2 configuration 
(/etc/shibboleth/shibboleth2.xml) and can run with the existing old 
configuration. Following the emitted deprecation warnings and upgrading to the 
v3 configuration format is however recommended. I've upgraded several SPs from 
v2 to v3 and they all run fine with the old configuration.
 -  Reverse dependencies: moonshot-gss-eap and libshibresolver1 both depend on 
libshibsp7. The same comment as above applies for Moonshot-related packages.

    wordpress-shibboleth depends on libapache2-mod-shib2: In this case,
users of wordpress-shibboleth would be better served by this upgrade
because their Apache+PHP installation would then only depend on
libcurl4, dropping the conflicting dependency on libcurl3. The
dependency on libapache2-mod-shib2 will trigger an upgrade to libapache2
-mod-shib (part of the v3 stack).

    $ reverse-depends -r bionic src:shibboleth-sp2
    Reverse-Depends
    ===============
    * libshibresolver1              (for libshibsp7)
    * moonshot-gss-eap              (for libshibsp7)
    * wordpress-shibboleth          (for libapache2-mod-shib2)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1822069

Title:
  SRU: Shibboleth SPv3 for bionic

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/log4shib/+bug/1822069/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1822069] Re: SRU: Shibboleth SPv3 for bionic

Reply via email to