[openssl-dev] [openssl.org #3735] [bug] Openssl transitive dependency to libexplain (minor)
Randall S. Becker via RT
rt at openssl.org
Sat Mar 7 18:52:36 UTC 2015
>> On March 7, 2015 1:34 PM Richard Moore via RT [mailto:rt at openssl.org] wrote:
> On 7 March 2015 at 18:11, Randall S. Becker via RT <rt at openssl.org> wrote:
> > > On March 7, 2015 1:02 PM Richard Moore via RT
> > > [mailto:rt at openssl.org]
> > wrote:
> > >> On 7 March 2015 at 17:14, Randall S. Becker via RT <rt at openssl.org>
> > wrote:
> > >>
> > > > Please forgive the potential red-herring nature of this minor
> > > > report, however..
> > > >
> > > > Openssl distribution depends on tardy, which in turn, depends on
> > > > libexplain.
> > > > According to
> > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765335,
> > > > the libexplain maintainer has retired and the package is orphaned.
> > > > This is potentially represents an issue as libexplain is highly
> > embedded in
> > > tardy.
> > > >
> > >
> > > This sounds purely a packaging issue with debian and nothing to do
> > > with openssl itself.
> >
> > Tardy is referenced in the openssl Makefile tar rule, which is there
> > the dependency manifests.
> >
> > $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
> > tardy --user_number=0 --user_name=openssl \
> > --group_number=0 --group_name=openssl \
> > --prefix=openssl-$(VERSION) - |\
> > gzip --best >../$(TARFILE).gz; \
> >
> >
> Surely you build your packages from the release tar balls? That means that this
> rule is never used.
We are building from git, as it is how we apply our platform patches. Support was recently dropped for Tandem/NonStop, so we have little choice here, other than hand-patching, which is not sustainable.
Aside, I am just trying to bring an awareness to potential unsupported product dependency. Nothing more.
More information about the openssl-dev
mailing list