* Junichi Uekawa ([EMAIL PROTECTED]) wrote: > > What about it would avoid libssl0.9.6 problems? Nothing I saw would > > solve the problems of multiple versions of a library ending up linked > > into the same process except the symbol versioning portion, which is > > what I'm advocating here but you seem to be against while offering > > 'solutions' that either don't deal with the problem at all or only solve > > a portion of it. > > Following libpkg-guide will avoid future similar problems.
Wrong, wrong, wrong. Quit spreading misinformation.
> To work around libssl problem, you can certainly use
> symbol versioning.
That's a solution and what I'm trying to push for.
> You could also take an approach of pulling out libssl-dev,
> and making packages to Build-Depend on libssl0.9.7-dev libssl0.9.6-dev
> explicitly, and starting to rebuild packages against them.
>
> That way, within Debian, it is not possible to build a package
> that is simultaneously linked against libssl0.9.6 and libssl0.9.7.
>
> That is what libpkg-guide documents.
Will you please just quit with the foolish claims? Even if packages
build-depend on a specific library version a running process can end up
being linked against two versions of a library. Here we go, again:
At time X libssl0.9.6-dev is in Debian.
At time X ssh is built against libssl0.9.6-dev.
At time Y libssl0.9.7-dev is uploaded to Debian.
At time Y libldap2 is built against libssl0.9.7-dev.
At time Z a user installs libssl0.9.6, libssl0.9.7, ssh, libldap2
and libpam-ldap, all of which are in Debian and all of which can be
installed without any problems with dependencies.
At time Z the ssh process will end up linked (AT RUNTIME) to both
libssl0.9.6 *AND* libssl0.9.7. ssh will end up segfaulting because of
this.
*Please* tell me you see and understand the problem. I'm really getting
tired of having to explain it to you over and over again.
Stephen
pgpCgcOxQsY52.pgp
Description: PGP signature
