About distribution maintainers ([ANNOUNCE] OfflineIMAP v6.3.0 released)
Sebastian Spaeth
Sebastian at SSpaeth.de
Tue Dec 14 00:42:04 GMT 2010
On Tue, 14 Dec 2010 10:46:51 +1100, John Ferlito <johnf at inodes.org> wrote:
> So we actually need to move quickly on something. Alexander
> Reichle-Schmehl pointed out to me that offlineimap is about to be
> pulled from debian due to a *grave* bug.
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603450
>
> offlineimap: fails check the remote servers ssl certificate is valid
>
> Does anyone know if this has been looked at?
Interesting that upstream doesn't get notified when a package is about to
be pulled from the distro for security reasons :-(.
THe fix that has been posted to the debian bug tracker would work under
python >=2.6 where ssl_wrap calls ssl.wrap() but it would fail to work
under python 2.4 and python 2.5 where ssl_wrap calls socket.ssl() (which
doesn't support those additional cert parameters). So there will be more
work required if we want to remain python 2.4/5 compatible when using
SSL.
Sebastian
More information about the OfflineIMAP-project
mailing list