Hi Tiago, >> I'm not sure how Ubuntu handles these things, but in Debian the >> autobuilders only consider the first alternative of build dependencies >> to keep a build reproducible - so if you have A | B as build-dep, they >> will always use A. > > If A is not available then the builds will then try B, C, ... . > > I did the a test build for Yakkety - which does not have libssl1.0-dev > (A) - and it picked libssl-dev (B) instead. On Zesty (our dev version) > the builders use libssl1.0-dev at that is available.
interesting. Makes things easier for you, of course. https://github.com/bzed/pkg-open-vm-tools/commit/ed95c1d1f23c9982ba997ca05bae0d86d1505162 > [...] > >> btw, regarding the ubuntu package - its nice, that it is just taking my >> packaging these days - but why do you guys still build without >> xmlsecurity and xerces? > > [...] > What I did, based on suggestions, was to build and test against > xmlsec1, which is in Main and accepted by open-vm-tools's configure. > The build turned out fine. I haven't done some real testing on it, I'm > now waiting for other folks to look into that if they have the time. I'll ask upstream about it, but if configure accepts it, I'd guess its fine. > Is there a reason why Debian prefers xmlsecurity and xerces instead of > xmlsec1? If it were to depend on xmlsec1 then Ubuntu would be able to > use the exact same package. I'm not familiar with the functionality in > and security of open-vm-tools, xmlsecurity, xerces, and xmlsec1, so I > really have no idea what difference that would do. Mainly because when open-vm-tools started to require xmlsecurity/xerces at some point and I didn't even realize that there was an alternative now. Which is a bit annoying as it might build with libssl 1.1 then. But I don't want to change it for stretch anymore, I think. Thanks for figuring out! Cheers, Bernd -- Bernd Zeimetz Debian GNU/Linux Developer http://bzed.de http://www.debian.org GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
