Russ Allbery <r...@debian.org> writes: > wf...@niif.hu (Ferenc Wágner) writes: > >> Just adding that Shibboleth itself is also problematic, because >> XMLTooling, which is incompatible with OpenSSL 1.1, uses libcurl, >> which already switched to OpenSSL 1.1. So switching xml-security-c >> to OpenSSL 1.0 did not actually solve the problem for Shibboleth >> because of the above version clash in XMLTooling. Shall I bring it >> up with the curl maintainers? Or wait for the conclusion on >> debian-devel? > > This seems like something we're going to have to figure out > project-wide, since the way the transition is currently set up doesn't > seem likely to work.
Hi, I can't see any conclusion in the OpenSSL 1.1 thread on debian-devel, but we're running out of time. We can't keep XMLTooling at OpenSSL 1.0, because libcurl uses 1.1, but we can't switch to 1.1 either, because the latest upstream release doesn't support it yet. Have we got any option left to ship Shibboleth in stretch after all? -- Thanks, Feri
