On 22.07.2016 16:53, Simo Sorce wrote:
On Fri, 2016-07-22 at 16:48 +0200, Tomas Mraz wrote:
>
> 2. Add compat 1.0.2 package which would be used by 3rd party
> applications and also temporarily by applications that are not yet
> ported to the new API. However the current plan is to not provide
> -devel subpackage for 1.0.2 compat packages so if you needed to rebuild
> something on rawhide you would have to fix the build issues with the
> new openssl.
>
I am concerned about a compat package because there are a lot of
components lining to openssl often libraries or modules, from different
source RPMS. So we incur the risk of getting a binary to link with both
version via modules/library dependencies and that would cause issues
(probably crashes, or perhaps bad behavior) only at runtime due to
symbol aliasing between the two versions.
urgh, yes, that's practically guaranteed to crash LibreOffice which
could pull in openssl via neon, python-stmp, postgresql-libs, openldap,
curl, librdf, any gnome-vfs backend, and probably other ways i'm not
aware of.
the only safe way to provide a compat openssl package is as a -devel
package that only contains a static library :P