On 2016-12-02 10:43:17 [+0100], Raphaël Hertzog wrote: > Currently openvas is not buildable because it build-depends on libssh-dev > which depends on libssl1.0-dev and libsnmp-dev which depends on > libssl-dev (and both libssl*-dev are not co-installable). > > I believe we might be able to fix this by making libsnmp-dev depend on either > version of the -dev package. But this is true only if libsnmp does not reuse > parts of the SSL API in its own API... and I don't know if this is the case. > > If that's not the case, then we should stick to libssl1.0-dev until > ssh works with OpenSSL 1.1 and everything can be switch together to version > 1.1.
I've been just looking at this due to libsnmp-perl deps on libssl. The perl .so files link against libcrypto.so but they don't share any symbols so I don't think this linking is required (or openssl used by perl at all). The 1.1.0 support should not be that complicated but if you have packages that depend on it and already moved on to libssl1.0-dev I would say to keep this package with libssl1.0-dev for Stretch. Sebastian
