Julien Cristau: > On Sun, Mar 20, 2016 at 01:55:55 +0000, Chris Knadle wrote: > >> Emilio Pozuelo Monfort: >>> On 19/03/16 19:23, Chris Knadle wrote: >>>> Greetings. >>>> >>>> Executive summary: >>>> I'd like to know if there is metadata that can be added to the Qt4 and Qt5 >>>> packages (qt4-x11 and qtbase-opensource-src) which will indicate that they >>>> need to be binNMUed for OpenSSL transitions at nearly the same time that >>>> Mumble gets binNMUed. >> [...] >>>> Is this possible? >>> >>> There's no way to express that kind of relationship. Not unless you get into >>> complex territory which isn't really worth it in this case. Normally binNMUs >>> are scheduled at the same time, so in theory this shouldn't be such a big >>> issue. And it would only affect unstable users, only for a short amount of >>> time. >> >> Ehhh... okay. The last OpenSSL binNMU had an 11-day difference between >> Mumble getting rebuilt and qt4-x11 being rebuilt in Sid. That's a short >> time in release terms, but a long time in terms of users finding Mumble >> broken and waiting for it to be fixed. >> >> Either way I have my answer. Thank you very much. >> > What would it take to fix qt to properly link with libssl?
There's an -openssl-linked ./configure option for building Qt with: https://doc.qt.io/qt-4.8/ssl.html However it's thought that the -openssl-linked option isn't viable due to licensing concerns that would result: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804487#147 Right now Qt5 (qtbase-opensource-src) uses the -openssl ./configure option but not -openssl-linked, Qt4 (qt4-x11) uses neither. Both Qt4 and Qt5 pull in libssl-dev and libssl during the build, FWIW. -- Chris -- Chris Knadle [email protected]
