About distribution maintainers ([ANNOUNCE] OfflineIMAP v6.3.0 released)

Sebastian Spaeth Sebastian at SSpaeth.de
Tue Dec 14 00:42:04 GMT 2010


On Tue, 14 Dec 2010 10:46:51 +1100, John Ferlito <johnf at inodes.org> wrote:
> So we actually need to move quickly on something. Alexander
> Reichle-Schmehl pointed out to me that offlineimap is about to be
> pulled from debian due to a *grave* bug. 
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603450
> 
> offlineimap: fails check the remote servers ssl certificate is valid
> 
> Does anyone know if this has been looked at?

Interesting that upstream doesn't get notified when a package is about to
be pulled from the distro for security reasons :-(.

THe fix that has been posted to the debian bug tracker would work under
python >=2.6 where ssl_wrap calls ssl.wrap() but it would fail to work
under python 2.4 and python 2.5 where ssl_wrap calls socket.ssl() (which
doesn't support those additional cert parameters). So there will be more
work required if we want to remain python 2.4/5 compatible when using
SSL.

Sebastian




More information about the OfflineIMAP-project mailing list