Comment 12 for bug 1482777

I got to this bug through the last merge (LP: #1666430) that pointed to LP: #1492429 which linked here.

I was also investigating that merge (somehow we got two bug reports open for the same thing) and I agree with Seth Arnold that it is better (ubuntu-wise) to use xmlsec1 than xml-security-c + xerces.

I tested and confirmed that the package builds fine with xmlsec1 which - as Seth pointed out - is also on main.

The question is: do we care about SAML-based guest authentication? If we don't, then it is better to simply keep the Build-Depends as it is in Debian (so we can prevent recurring merges because of changes in debian/control) and simply disable the xml-security-c check on debian/rules's auto configure override. Notice that since Xenial it is ok to have a package in Main with a Build-Depends from Universe as long as that don't generate a runtime dependency to Universe [1].

Now, if we *do* care about SAML-based guest authentication, moving to xmlsec1 seems fine. It would be great to also have that change into Debian as well, but I don't know if there is a more convincing reason to push that forward than "works better for Ubuntu". Can anyone help figuring this out?

See the proposed patch to replace xml-security-c + xerces by xmlsec1. Note that the patch also changes the Build-Depends from libssl1-0-dev to libssl-1-0-dev|libssl-dev to make backporting easier (see debian bug #856569 [2]), but that part can be safely ignored.

[1] https://lists.ubuntu.com/archives/ubuntu-devel-announce/2016-April/001179.html
[2] http://bugs.debian.org/856569