On Fri, Feb 11, 2011 at 03:56:53PM -0500, Thor Lancelot Simon wrote: > On Fri, Feb 11, 2011 at 09:01:01PM +0100, Kurt Roeckx wrote: > > > > I'm planning on uploading a version based on 1.0.0 to Debian > > soon. And I would like to keep the current soname for the > > rest of the release cycle. The transition from 0.9.7 to 0.9.8 > > took over 2 years. I also had to support both the 0.9.7 and > > 0.9.8 version at the same time, because some applications were > > still linked to the old version. I would like to avoid having > > to maintain multiple versions. > > I assume you know that 0.9.7 and 0.9.8 were not binary compatible > and thus *REQUIRED* different sonames? > > I have not heard that the situation changed in any way with newer > releases. It would take a lot of work to make it so, and I don't > see that work going on (nor do I think it should be a high > priority for OpenSSL, frankly). > > If it has the same soname, it *has to* be 100% backwards compatible > for a binary application linked to the oldest version with that > soname. Both the 0.9.7 and 0.9.8 release streams managed to break > that at one point or another though at least for 0.9.8 it was not > as serious and most applications would continue to work. It would > not be good to make the situation even worse. > > ELF sonames are not vanity license plates to be used to tell everyone > what textual version number you picked for your shiny new library. > They tell the system which libraries are guaranteed to be binary > compatible with which applications. Failing to change them when > changing any exposed interface is a serious bug.
I know very well when you need to change the soname. That doesn't mean you should require an soname change for every major or even minor versions. I just want to be able to use the same soname for as long as possible. Which means that you need to be careful about changes you made. One of my problems with openssl is that changing compile time options break the ABI. And people don't seem to be willing to change this. With every version I upload to Debian I do check for possible problems before I upload it and have seen various problems during the 0.9.8 series. I've enabled some new options that did break the ABI as a result broke some applications. It also meant that I couldn't enable various options because it would break all of them. And this is all very frustrating. But it's better than having to support 20 different versions of openssl. Kurt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org