[Python-apps-team] Bug#861152: Bug#861725: unblock: nagstamon/2.0.1-4
Julien Cristau
jcristau at debian.org
Wed May 3 12:25:06 UTC 2017
On 05/03/2017 12:49 PM, Paul Wise wrote:
> On Wed, 2017-05-03 at 12:24 +0200, Moritz Schlarb wrote:
>
>> - This has been the behavior of the Nagstamon package since forever
>> (which is not a valid argumentation point - I know, but it's still a fact)
>
> There are two serious bugs here:
>
> 1) that certificates are not verified at least using CAs and or TOFU
>
> 2) that this fact was deliberately hidden from users
>
So FWIW I'm not sure I agree about the severity of either of those
things. My opinion is that hiding the warning is a regression compared
to showing them, so I'd rather we didn't do that in stretch right now.
>> What do you think?
>
> I think we should enable the warnings in all suites.
>
> Once verification is available, backport the patch to all suites.
>
And I disagree that changing the behaviour in a stable release is
appropriate.
Cheers,
Julien
More information about the Python-apps-team
mailing list