Bug#234583: #231196 -- raise to critical
Severity: critical
I have attempted to raise the severity of bug#231196 since there are
other TLS/SSL issues queueing up in the bug list eg. #234583 and the
original #205452 reporting lost TLS features following the patch that
replaced openssl with gnutls in the openldap source.
So far no response from the package maintainers on these issues. If you
are going to patch a package downstream without using upstream resources
to verify that the patch has not clobbered documented behaviours then
you are going to have to be more vigilant to bug reports on the package.
The alternative is to have the patch accepted upstream which means doing
the hard yards to get it working correctly. Along with offering two
versions of this package one that is openssl dependant and one that is
gnutls dependant in the meantime so that users who are relying on ldap .
cheers,
greg burley
##########################################################################
This e-mail is for the use of the intended recipient(s) only. If you have
received this e-mail in error, please notify the sender immediately and
then delete it. If you are not the intended recipient, you must not use,
disclose or distribute this e-mail without the author's prior permission.
We have taken precautions to minimise the risk of transmitting software
viruses, but we advise you to carry out your own virus checks on any
attachment to this message. We cannot accept liability for any loss or
damage caused by software viruses.
##########################################################################
Reply to: