
Re: Getting openswan 2.2.0 back into sarge



Rene Mayrhofer wrote:

>Hi all, 
>
>[Please CC me in replies, I am currently not subscribed to this list.]
>
>As some have already noticed, openswan has been removed from testing a while 
>ago, most probably because of bug #291274, which did not apply to package 
>version 2.2.0-4 (the one that has been removed from testing). As 2.3.0 
>  
>

You should have tagged the RC bug Sid.

>upstream is currently not production quality (this is my personal opinion, 
>since it basically triggers a DoS on 2.2.0 installations, cf. #292132), I did 
>  
>

Doesn't this mean that 2.2.0 is NOT release quality? It is a security
problem if you can trigger a DoS on a package.

>not work on getting it into testing. Of course, I have to admit that I have 
>been lazy in not filing a RC bug report to prevent it from entering testing 
>and fixing this bug. However, it looked like 2.3.1 might get released soon at 
>that time, so I had decided to wait for it and push it into testing as soon 
>as the new upstream is there. At the moment, 2.3.1 is nowhere to be seen and 
>I would really like to have a working (and not DoS-triggering) openswan in 
>testing. My current intention would be to get 2.2.0-4 back into testing, 
>which worked well in all of my own tests (I am still using that particular 
>version on many production boxes) and does not seem to be broken for other 
>users. What is the general opinion on that?
>  
>
The first step is to remove the current version from testing if it is
not production quality.
The second step is to locate the DoS problem in 2.2.0.
The final step is to upload 1:2.2.0 or similar to unstable and wait for
it to get to testing.

- Adam



