| 1 |
On Wed, Mar 2, 2016 at 11:06 AM, James <wireless@×××××××××××.com> wrote: |
| 2 |
> Rich Freeman <rich0 <at> gentoo.org> writes: |
| 3 |
> |
| 4 |
>> They changed ABI without changing SONAME, which is an absolutely |
| 5 |
>> braid-dead thing for upstream to do, because it causes exactly this |
| 6 |
>> kind of breakage. |
| 7 |
> |
| 8 |
> Hmmmm. I've been working on my ebuild and end-o-mentoring quizes:: so in |
| 9 |
> that vein, should not the gentoo dev have bumped the gentoo rev numbers, or |
| 10 |
> did I miss-read the gentoo docs? |
| 11 |
> |
| 12 |
|
| 13 |
So, first, this isn't really the forum to critique what the devs did, |
| 14 |
and I haven't spoken to them so I can't vouch for what their knowledge |
| 15 |
was at the time. |
| 16 |
|
| 17 |
Revbumping wouldn't help, and I'm pretty sure they did revbump it. |
| 18 |
The real issue was upstream, and I'd have to think about whether |
| 19 |
trying to fix it with a Gentoo patch would make things better or worse |
| 20 |
(it would make Gentoo different from everybody else, causing havoc if |
| 21 |
you had a proprietary binary you wanted to run and so on). |
| 22 |
|
| 23 |
Upstream really dropped the ball on this. When I'm updating packages |
| 24 |
I certainly don't carefully review all their ABIs and SONAMEs. |
| 25 |
Without some kind of automatic QA tool it would be a pretty big |
| 26 |
undertaking. I might go see if there is such a tool though, maybe |
| 27 |
that might be a good outcome if such a tool exists. |
| 28 |
|
| 29 |
> |
| 30 |
>> Everybody should be on the lookout for this update and carefully |
| 31 |
>> follow the forum post instructions to get through it. |
| 32 |
> |
| 33 |
> Again, in light of the dev-quizes, should not the package maintainer have |
| 34 |
> posted a news item prior/simultaneously to the new package release? |
| 35 |
|
| 36 |
Sure, if they had known about it. However, it sounds like they may |
| 37 |
have been as surprised as anybody else. I'd really like to see one |
| 38 |
right away though. |
| 39 |
|
| 40 |
The way openssl handles their ABIs really makes me think that libressl |
| 41 |
may not be the lesser evil. Sloppy SONAME handling causes all kinds |
| 42 |
of issues though and seeing it in high-profile projects like these is |
| 43 |
pretty concerning. |
| 44 |
|
| 45 |
> |
| 46 |
> Not trying to stir things up, just scratching many itches here on the |
| 47 |
> dev-quizes. Surely we are all human(oid) and thus forginving of our |
| 48 |
> comrades....even to the point of encouragement? |
| 49 |
> |
| 50 |
|
| 51 |
Of course. To err is human. To stabilize errs carries the death penalty. :) |
| 52 |
|
| 53 |
(I'm sure somebody will file that away for the next stable package I break.) |
| 54 |
|
| 55 |
-- |
| 56 |
Rich |
Archives