On 2017-11-23 17:09:09 [+0200], Adrian Bunk wrote:
> On Thu, Nov 23, 2017 at 01:57:58PM +0000, Ian Jackson wrote:
> > 2. For the reason just mentioned, it might be a good idea to put in a
> >    Breaks against old versions of packages using
> >    CURLOPT_SSL_CTX_FUNCTION.  However, (a) I am not sure if this is
> >    actually necessary
> 
> See #846908 for an example where it is necessary.
#844018 has some history and was the reason for curl to stay with 1.0

> >    (b) in any case I don't have a good list of all
> >    the appropriate versions
> 
> Kurt did search for affected packages a year ago,
> so the information about affected packages in
> stretch should already be available.
> 
> Note that such Breaks won't work for backported packages.

I did a grep and it seems that all affected users are blocked by
#858398 except for hhvm. All of them seem to touch
CURLOPT_SSL_CTX_FUNCTION and ask for libssl1.0-dev.

I skipped some others (while doing the grep just now) which should not
be an issue (like `cargo' but it depends on libssl-dev and
libcurl4-gnutls-dev or `sx' which uses it only in its configure script
or `cmake', r-cran-rcurl, curlpp  which do not link against libssl,…).

> cu
> Adrian

Sebastian

Reply via email to