
Bug#234583: [debian-openldap] Bug#231196: #231196 -- raise to critical



* Greg Burley (greg.burley@tabq.com.au) wrote:
> I have attempted to raise the severity of bug#231196 since there are
> other TLS/SSL issues queueing up in the bug list eg. #234583 and the
> original #205452 reporting lost TLS features following the patch that
> replaced openssl with gnutls in the openldap source.

The problems are actually primarily with gnutls10; gnutls7 was working
well for most people.

> So far no response from the package maintainers on these issues.  If you

No response?  I've already responded to #234639 and #234593 correctly
identifies that the problem was the new gnutls10, which you apparently
fail to understand.

> are going to patch a package downstream without using upstream resources
> to verify that the patch has not clobbered documented behaviours then

Upstream wouldn't even look at it.  We've already offered it to them and
in fact asked them to include it.  Their 'justification' was that the
patch was done under the GPL (or LGPL, either way); of course, the
license is the prerogative of the author.  Feel free to discuss with him
if you'd like for him to release it under something else; you might
change your attitude though, I doubt he'd be interested in listening to
you if you're going to be disrespectful to him and fail to understand
the issues.

> you are going to have to be more vigilant to bug reports on the package.

A whole *5* days for an *unstable* package to respond to a bug that
someone else already pointed out was almost certainly due to a change to
gnutls10?  I hardly consider that something we need to be more
'vigilant' about.  You might offer to assist, otherwise you'll just have
to wait.  It's *unstable* after all, that means 'deal with it' in
general.

> The alternative is to have the patch accepted upstream which means doing
> the hard yards to get it working correctly. Along with offering two
> versions of this package one that is openssl dependent and one that is
> gnutls dependent in the meantime so that users who are relying on ldap .

We won't be offering two versions of the package.  If you'd like to work
with the patch author and upstream to resolve their differences feel
free.  I tried but, honestly, upstream was not very responsive at all
and the patch isn't all *that* complex.  In fact, someone else has
already posted a patch which it sounds like may fix some of the problems
with gnutls10.

	Stephen
