Bug#828408: fixed in libpoe-filter-ssl-perl 0.30-2
Adrian Bunk
bunk at stusta.de
Sun Nov 13 08:30:52 UTC 2016
On Sat, Nov 12, 2016 at 06:43:35PM +0000, Jonathan Wiltshire wrote:
> On 2016-11-12 17:57, gregor herrmann wrote:
> > On Sat, 12 Nov 2016 18:45:31 +0100, Moritz Muehlenhoff wrote:
> >
> > > On Sat, Nov 12, 2016 at 04:50:25PM +0000, gregor herrmann wrote:
> > > > Source: libpoe-filter-ssl-perl
> > > > * Use OpenSSL 1.0.2 for the time being. (Closes: #828408)
> > >
> > > Don't close such bugs. You used a workaround, but the bug still
> > > persists. If there are valid exceptions not to move to openssl 1.1,
> > > they should rather be tagged stretch-ignore.
> >
> > Thanks for your mail.
> >
> > Indeed I was a bit unsure what to do with this bug (closes or
> > downgrade+unblock or close+clone ...), and I've seen this discussed
> > on #debian-release earlier today but I didn't see a consensus or
> > clear guidance there.
> >
> > I'm happy to have the release team / security team / OpenSSL
> > maintainers change the bug status or tell me what the preferred
> > method is, as soon is there is a clear consensus.
>
> stretch-ignore would not be appropriate. If the bug has been worked around,
> please downgrade and unblock.
How does the release team track that all fixes are in stretch?
Example:
#843988 looks like a runtime issue triggeren by compiling
stunnel4 with OpenSSL 1.1 instead of 1.0.2
One way to fix this for now would be using OpenSSL 1.0.2 in the
build dependencies.
If this fix would never migrate to testing for whatever reason,
you would end up with an stunnel4 in stretch that uses libssl1.0.2
but build-depends on libssl-dev.
Imagine a DSA for stunnel4 in 2018.
> Thanks,
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
More information about the pkg-perl-maintainers
mailing list