Comment 5 for bug 1779863

Hi all,

Because this bug was filed against the unmodified package version from Debian, I also filed this bug against Debian upstream: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904274

@ddstreet it is pretty common for end users to install a language runtime (e.g. python, nodejs, etc.) and package manager (e.g. pip, npm, etc,) from the OS while then using that package manager to download libraries/dependencies from the language-specific registry. I think it's pretty important to ensure that the language runtimes we ship in Debian/Ubuntu uphold the ABI contracts that upstream languages establish for distributing compiled native extensions.

In order to fix this in Bionic, I believe we need to change the builddep/dependency to depend on the package that provides openssl 1.0.2.

In Buster, I'm suggesting that we upgrade to node 10.x to fix the issue.

- e