Bug#962407: Bug#954089: libplack-perl: Please verify server identity via SSL
Damyan Ivanov
dmn at debian.org
Thu May 26 13:28:16 BST 2022
-=| gregor herrmann, 25.05.2022 22:24:09 +0200 |=-
> On Sun, 07 Jun 2020 17:45:41 +0100, Dominic Hargreaves wrote:
>
> > Correction, given the amount of time that's passed and that I'm not
> > even sure if the person who responded negatively on the previous
> > issue speaks for the current maintainers, I have opened a new issue:
> >
> > https://github.com/chansen/p5-http-tiny/issues/134
>
> Revisiting this issue now, the state seems to be:
>
> The upstream ticket was closed with
>
> "On reflection, we shouldn't make this change for backwards compatibility."
>
> So I guess we are back to the point where we have to discuss if we
> want to make the change on the Debian side and carry the patch (and
> keep the pieces if something breaks).
>
> I think we had a tendence to say "this change makes sense" and "it
> doesn't look like huge breakage ahead" but I guess someone need to
> pick up this issue and take a deeper look.
I think we should make the change in Debian despite upstream's
decision.
Anything that breaks was already insecure and keeping it that way is
actually a disservice.
If I understand correctly we are talking for a fix in unstable that
would propagate to the next stable release in the usual manner.
Contrary to a security update, this gives plenty of time for users for
tests.
-- Damyan
More information about the pkg-perl-maintainers
mailing list