[Pkg-puppet-devel] Bug#863632: Bug#863632: puppetmaster: The broken compatibility with older agents
Apollon Oikonomopoulos
apoikos at debian.org
Mon May 29 22:04:41 UTC 2017
Control: severity -1 important
Control: tags -1 wontfix
Dear Martin,
On 15:12 Mon 29 May , Martin Duspiva wrote:
> Dear Maintainer,
>
> fter install the last security update 3.7.2-4+deb8u1, the puppet
> master doesn't work with puppet agents ( clients ) on Debian Squeezy
> and Wheezy. The error on agent is:
Thank you for the report.
Unfortunately this is a known and well-documented issue. It's documented
in both the package's debian/NEWS, and the Debian Security
Announcement[1] on the debian-security-announce mailing list.
[1] https://lists.debian.org/debian-security-announce/2017/msg00122.html
It is (at least currently) impossible to retain compatibility and fix
the vulnerability at the same time, as the 2.7 agent sends everything
using YAML while the 3.7 master will reject YAML as unsafe. The
recommended approach is to use the 3.7 packages from wheezy-backports on
wheezy agents. I know this is not ideal, but 2.7 is unsupported upstream
for quite a while now.
Regards,
Apollon
More information about the Pkg-puppet-devel
mailing list