Web lists-archives.com

Re: Mass bugfiling potential: bundled implementation of md5




On Thu, Oct 25, 2018 at 02:56:23PM +0800, Yangfl wrote:
> Hi,
> 
> Many of packages include bundled Aladdin Enterprises independent
> implementation of md5. Full list can be seen at
> https://codesearch.debian.net/search?q=typedef+unsigned+char+md5_byte_t&perpkg=1
> (100 packages)
> 
> As discussed in #909116, libmd-dev now provides a compatible interface
> for that, so bundled sources should be dropped.
>...

What exactly are the benefits?

Are they worth making not upstreamable changes to 100 packages?

I would expect sane upstreams to resist adding a dependency on a library
version the is currently not present in the stable release of any Linux 
distribution.
 
> A potential fix for that might be replace the md5.h header with
> 
> #define LIBMD_MD5_ALADDIN
> #include <md5.h>
> 
> remove building for md5.c, and add
> 
> Build-Depends: libmd-dev (>= 1.0.1)

How will you verify that this change is correct in all cases?

We have so many regressions due to Debian maintainers blindly making 
changes they don't understand - and that were not tested at all before 
uploading to the archive.

> Thanks,

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed