Re: Planning the removal of c_rehash | mass bug filling
- Date: Fri, 6 Apr 2018 21:19:33 +0300
- From: Adrian Bunk <bunk@xxxxxxxxxx>
- Subject: Re: Planning the removal of c_rehash | mass bug filling
On Fri, Apr 06, 2018 at 12:22:12AM +0200, Sebastian Andrzej Siewior wrote:
> the openssl package provides the c_rehash script which creates the links
> from XXXXXXXX.Y to the actual certificate in /etc/ssl/certs/. During the
> transition from 0.9.8 to 1.0.0 the hash (for the X part) changed from
> md5 to sha1. Since that transition in Debian the c_rehash script
> provides both symlinks: the old hash (md5) and the new (sha1) one.
> The c_rehash script is considered by upstream as a fallback script and
> will disappear at some point. The recommended way is to use the "openssl
> rehash" command instead which appeared in 1.1.0. This command creates
> half that many symlinks (one per certificate instead of two) because it
> uses only the sha1 hash. There is also the -compat option which creates
> both symlinks (and behaves like c_rehash currently does) but as
> explained above it should not be required to use it.
If c_rehash gets removed before buster, please add appropriate Breaks
for the non-fixed stretch packages to openssl, to avoid problems similar
to #894282 during stretch->buster upgades.
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed