Sebastian Andrzej Siewior: > On 2017-01-20 21:36:00 [+0000], Niels Thykier wrote: >> Hi Ondřej, >> >> Sorry for being the "messenger" triggering this issue in php7.0. >> >> Kurt/Sebastian, what are you recommendations here? Should we migrate >> net-snmp itself to ssl1.1 (possibly with all of its rdeps) or can we >> detangle net-snmp and php7 from each other in a graceful manner? > > [...] I grep the deps [0] and didn't find a user of > cert_util.h so it looks like nobody cares about that. >
Thanks. :) Codesearch also appears to agree with this (assuming we are only looking at rdeps). :) Internally, snmp appears to have a few uses of it. > I would suggest to drop the the libssl1.0-dev dep in libsnmp-dev and add > a guard cert_util.h to ensure openssl's version is less than 1.1.0 in > case someone tries to use this on its own. The header file is used internally by snmp, so this change implies upgrading snmp to ssl1.1. All in all, we need to: * Apply the patch in #828449 * Remove "libssl1.0-dev | libssl-dev (<< 1.1)" from Depends and add a "libssl-dev" to Suggests in the the "-dev" package? * Add an "#if"-guard rejecting ssl1.0 in the cert_util.h file. (Can you provide me with an example/patch for the guard?) > I will try to make that change tomorrow and rebuild the packages [0]. > > [...] Thanks. Let me know how it goes. I am happy to do the upload if your test says go and you can provide me with the "#if"-guard. (apparently, net-snmp also needs an unrelated patch for pie - see #852023) Thanks, ~Niels
