[openssl-project] The problem of (implicit) relinking and changed behaviour

Kurt Roeckx kurt at roeckx.be
Sun Apr 15 09:22:54 UTC 2018

On Sun, Apr 15, 2018 at 07:38:48AM +0200, Richard Levitte wrote:
> In message <C60D8170-70CB-44A7-86BD-9463D1A021C3 at akamai.com> on Sat, 14 Apr 2018 21:13:47 +0000, "Salz, Rich" <rsalz at akamai.com> said:
> rsalz> We have *no* data points, except our tests, that anything fails to work.
> rsalz> In fact, we are increasingly collecting data that shows everything is just fine.
> Errr, are we?  Please inform me, because I cannot remember having seen
> tests that specifically targets the case of programs built with 1.1.0
> that get implicitly relinked with 1.1.1 libraries (that's what you
> call "going forward", isn't it?), or data collection for that matter.
> I may have missed something, but I am interested.

In Debian we've done a rebuild test of all source packages that link
to 1.1.0 to build against pre2 instead, and as far as I know only 1
package was found to fail because of that: #5637

This is of course slightly different than just upgrading the
library since it can pick up new header files, but I think this is
close enough. It also only covers those packages that have a test


More information about the openssl-project mailing list