On Fri, Aug 09, 2024 at 09:15:20AM +0000, Debian Bug Tracking System wrote: > * Split the legacy provider into its own package (Closes: #965041).
By default, this breaks anything that uses python3-cryptography: https://github.com/pyca/cryptography/blob/43.0.0/src/rust/src/lib.rs#L77 There are two natural options: set CRYPTOGRAPHY_OPENSSL_NO_LEGACY, or depend on openssl-provider-legacy. I guess the former is a reasonable workaround, at least in the short term, but it's going to have to be done in the test suite of the entire reverse-dependency tree of python3-cryptography; or python3-cryptography itself would have to be changed, which ideally would need to be coordinated with upstream since it'd be a semantic change. Given what seems to have been a relatively weak and contested justification for making this change, is this actually worth all the effort? -- Colin Watson (he/him) [cjwat...@debian.org]
