On 08/12/2017 02:16 PM, Tollef Fog Heen wrote:
> While I think we might want to ship buster with TLS 1.0 available, I
> think running with it disabled for parts of the development cycle is
> very useful, since it exposes bugs we have in packages that will use
> that version out of the box (isync being referred to elsethread).
> Finding and fixing those bugs is good.

This got me thinking... how about a split of the generated binary packages to generate a (default) set with only TLS 1.2 available and a fallback set with the current configuration?

One would have to work out a convention for whether

1) the fallback set would have both Provides and Conflicts set or
2) both sets should cooperate with each other and how
   2.1) via alternatives
   2.2) a more fine-grained approach to select an appropriately configured library on a per-application basis (e.g. LD_PRELOAD?)

Cheers
Daniel