Hi Simon,
Thank you for working on this!
On Sat, Oct 02, 2021 at 02:01:10AM -0700, Simon Chopin wrote:
> As stated, the transition should only take place if main is ready for
> it. As far as universe is concerned, in an ideal world all the 180
> packages above would be fixed in time for the release. However, if not
> so, we'll either remove the package from the release or, if *really*
> necessary, would introduce a compatibility openssl-1.1 package. The
> latter option is of course highly undesirable.
I think it's worth noting what happened with nodejs in Bionic:
https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1779863
https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1794589
Summary: nodejs incorporated the version of openssl it gets built with
into its ABI, causing incompatibility between binary modules built in
different places if they mismatch, contrary to ecosystem expectations.
Upstream therefore considers[1] the openssl version that must be used
"locked" for a particular nodejs version. But if we use the version
upstream wants, and that differs from our "default" version, then the
resulting co-installability conflict between the two -dev packages
results in users complaining about that instead.
It might be worth someone looking into this early in order to try to
avoid or mitigate a recurrence of this kind of issue.
HTH!
Robie
[1] I don't know if this is still the case.
