Source: qtbase-opensource-src
Severity: normal
Version: 5.12.5+dfsg-2
Hi,
is there a reason that Debian's distribution package is *not* using the build
flag "-openssl-linked" to create a proper DT_NEEDED dependency at
compile-time? (Couldn't find anything in the archived bugreports, sorry if
this is reopening a can of worms.)
The benefits of this flag seem to me:
* minimal user surprise: the established mechanisms of library dependency
lookup work for Qt as they do for everything else
* less code duplication: Qt is effectively reimplementing a subset of ld.so's
functionality (with a few provisions to cope with slightly different
versions of OpenSSL, if my impression of that code is correct)
* the dependency is automatically picked up by dh_* and thrown into
${shlibs:Depends}, no manual tracking necessary
In the current state libqt5network5 already depends on libssl1.1 anyway, so
we know what library will be "dynamically discovered" by Qt (i.e. we don't
need the multi-version compatibility support Qt offers) - it's just harder
to interpose the process if you want to, and it throws away the opportunity
to use our existing tooling.
See this Fedora report (esp. the last comments) for another community having
gone through the same discussion[1].
Best regards
Jan
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1328659
