Bug#603450: Is 603450 realy release critical?

To: debian-release@lists.debian.org
Cc: 603450@bugs.debian.org
Subject: Bug#603450: Is 603450 realy release critical?
From: Alexander Reichle-Schmehl <tolimar@debian.org>
Date: Wed, 8 Dec 2010 08:45:30 +0100
Message-id: <[🔎] 20101208074530.GB30959@melusine.alphascorpii.net>
Mail-followup-to: debian-release@lists.debian.org, 603450@bugs.debian.org
Reply-to: Alexander Reichle-Schmehl <tolimar@debian.org>, 603450@bugs.debian.org

Hi release manager,

#603450 is a bug (currently with severity grave, Justification: user
security hole), as offlineimap does no ssl certificate checking.


While I agree, that this is a really important feature, which should be
fixed, I'm wondering, if that really is release critical.


There's patch floating arround, which has a major regression: It doesn't
work for users of self signed certificates.  Should this bug be seen as
of release critical severity, would you therefore at least consider
tagging it squeeze-ignore?


Best Regards,
  Alexander

Reply to:

Follow-Ups:
- Bug#603450: Is 603450 realy release critical?
  - From: Bastian Blank <waldi@debian.org>
- Bug#603450: Is 603450 realy release critical?
  - From: gregor herrmann <gregoa@debian.org>

Prev by Date: Bug#603450: Fwd: Due offlineimap absence of certificate validation issue -- Debian BTS#603450
Next by Date: Bug#603450: Adopting offlineimap
Previous by thread: Processed: reopening 595749, reassign 595749 to ispell, retitle 595749 to ispell recommends a random wordlist
Next by thread: Bug#603450: Is 603450 realy release critical?
Index(es):
- Date
- Thread