Bug#772487: unblock: resiprocate/1.9.8-1
On 07/12/14 22:08, Ivo De Decker wrote:
> tags 772487 wontfix
> thanks
>
> Hi,
>
> On Sun, Dec 07, 2014 at 07:13:35PM +0100, Daniel Pocock wrote:
>> The debdiff is about 900 lines but this includes a lot of comments as
>> I've explained what I was doing throughout the security code and about
>> 30% of that is a new test case, testSecurity.cxx, to validate the new
>> config string parsing.
>
> This type of change is not appropriate at this stage of the freeze. Sorry, but
> I have to deny this one.
>
Can you please clarify what you mean by "this type of change"?
This is very relevant to the security of the package when used on the
public Internet, especially given the expected support lifetime of jessie.
Not everybody uses it that way however so I didn't mark the repro bug as
RC but I've filed an RC bug against libresiprocate because somebody
using SSLv23_method may want the choice to eliminate SSL v3.
I made the upstream release 1.9.8 myself (I am also one of the upstream
developers) including only the changes necessary to resolve the issue
and make the package more future-proof within jessie.
I made these changes in such a way that it is ABI compatible and there
is no need for a transition or recompilation of other packages.
Reply to: