Bug#1101502: fixed in libstring-compare-constanttime-perl 0.321-3
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 12 19:46:15 BST 2025
Hi,
On Sat, Apr 12, 2025 at 05:40:15PM +0200, Sylvain Beucler wrote:
> Hi,
>
> For the record I referenced the patch to track progress, but until it's
> validated by upstream we (LTS Team) usually don't recommend applying PRs in
> the packaging.
> (Unless this was intentional e.g. so it could be tested widely in Debian
> unstable.)
>
> Upstream just answered with reservations about including the patch, it may
> be worth discussing with them :)
> https://github.com/hoytech/String-Compare-ConstantTime/pull/21#issuecomment-2798871668
Yes I think we should revert the patch for now until there is
agreement that it's the way to go and not diverge from (the after all
documented) behaviour.
If it get merged and the documentation updated upstream then then have
it in any case first exposed via unstable, we then still could decide
on what to do for bookworm (ignoring might be an option).
I was pondering actually to have the issue marked as unimportant
adding a note that it behaves as documented, but would like to hear a
comment from Moritz on that if he agrees.
Regards,
Salvatore
More information about the pkg-perl-maintainers
mailing list