I got to this bug through the last merge (LP: #1666430) that pointed to LP: #1492429 which linked here.
I was also investigating that merge (somehow we got two bug reports open for the same thing) and I agree with Seth Arnold that it is better (ubuntu-wise) to use xmlsec1 than xml-security-c + xerces.
I tested and confirmed that the package builds fine with xmlsec1 which - as Seth pointed out - is also on main.
The question is: do we care about SAML-based guest authentication? If we don't, then it is better to simply keep the Build-Depends as it is in Debian (so we can prevent recurring merges because of changes in debian/control) and simply disable the xml-security-c check on debian/rules's auto configure override. Notice that since Xenial it is ok to have a package in Main with a Build-Depends from Universe as long as that don't generate a runtime dependency to Universe [1].
Now, if we *do* care about SAML-based guest authentication, moving to xmlsec1 seems fine. It would be great to also have that change into Debian as well, but I don't know if there is a more convincing reason to push that forward than "works better for Ubuntu". Can anyone help figuring this out?
See the proposed patch to replace xml-security-c + xerces by xmlsec1. Note that the patch also changes the Build-Depends from libssl1-0-dev to libssl-1-0-dev|libssl-dev to make backporting easier (see debian bug #856569 [2]), but that part can be safely ignored.
I got to this bug through the last merge (LP: #1666430) that pointed to LP: #1492429 which linked here.
I was also investigating that merge (somehow we got two bug reports open for the same thing) and I agree with Seth Arnold that it is better (ubuntu-wise) to use xmlsec1 than xml-security-c + xerces.
I tested and confirmed that the package builds fine with xmlsec1 which - as Seth pointed out - is also on main.
The question is: do we care about SAML-based guest authentication? If we don't, then it is better to simply keep the Build-Depends as it is in Debian (so we can prevent recurring merges because of changes in debian/control) and simply disable the xml-security-c check on debian/rules's auto configure override. Notice that since Xenial it is ok to have a package in Main with a Build-Depends from Universe as long as that don't generate a runtime dependency to Universe [1].
Now, if we *do* care about SAML-based guest authentication, moving to xmlsec1 seems fine. It would be great to also have that change into Debian as well, but I don't know if there is a more convincing reason to push that forward than "works better for Ubuntu". Can anyone help figuring this out?
See the proposed patch to replace xml-security-c + xerces by xmlsec1. Note that the patch also changes the Build-Depends from libssl1-0-dev to libssl- 1-0-dev| libssl- dev to make backporting easier (see debian bug #856569 [2]), but that part can be safely ignored.
[1] https:/ /lists. ubuntu. com/archives/ ubuntu- devel-announce/ 2016-April/ 001179. html bugs.debian. org/856569
[2] http://