Le ven. 2 nov. 2018 à 18:41, Steve Langasek <email address hidden>
a écrit :
> This is expected behavior. These two stacks are incompatible, and while
> they use symbol versions so will not cause overt ABI problems when
> loaded into the same namespace, there are still some opaque structures
> that could be problems when passed between two libraries that each
> depend on different versions of openssl. So the value of making the
> -dev packages coinstallable is small from the perspective of the
> distribution, the costs large given that relocating one or the other
> library means reverse-dependencies would also need updating to be able
> to find it at build time, and the risks of anything built against both
> versions of libssl significant.
Le ven. 2 nov. 2018 à 18:41, Steve Langasek <email address hidden>
a écrit :
> This is expected behavior. These two stacks are incompatible, and while dependencies would also need updating to be able
> they use symbol versions so will not cause overt ABI problems when
> loaded into the same namespace, there are still some opaque structures
> that could be problems when passed between two libraries that each
> depend on different versions of openssl. So the value of making the
> -dev packages coinstallable is small from the perspective of the
> distribution, the costs large given that relocating one or the other
> library means reverse-
> to find it at build time, and the risks of anything built against both
> versions of libssl significant.
Hi,
i've just dug into that matter, and here are my conclusions: /github. com/nodejs/ node/issues/ 18770, in which case this is /salsa. debian. org/js- team/nodejs/ commit/ 60488253f26c658 5a816e292a742fc a40afee192 /github. com/nodejs/ node/blob/ master/ BUILDING. md#note- for-downstream- distributors- of-nodejs, /github. com/nodejs/ TSC/issues/ 621
- it is quite easy to build and use embedded copy of openssl, and since
Node is doing its own security tracking, it might be a realistic solution
to just do that.
- upstream is developing openssl 1.1.1 compatibility, tests pass on linux,
see https:/
needed to pass tests without heavily patching the test suite:
https:/
- breaking ABI is now covered by
https:/
so i opened an issue here for debian. I suppose ubuntu could use same
versions: https:/
- nodejs 10.13 is waiting in NEW/experimental. As soon as it is accepted
i'll backport the work on nodejs 8 branch, in case nodejs 10 doesn't make
it before debian freeze.
Jérémy