Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use="signing" are broken
Scott Cantor
cantor.2 at osu.edu
Tue Oct 6 21:58:54 UTC 2009
Russ Allbery wrote on 2009-10-06:
> Ack, I'm sorry. I didn't realize that, so yes, that will indeed be a
> problem.
Sorry, I didn't understand that the fixes were being published separately, since I was reviewing them simultaneously.
As it stands, I see now that the advisory I wrote should make this issue clearer, since it also mistakenly implies the libraries can be fixed without rebuilding the SP.
> Unfortunately, I'm both sick at the moment and my main computer is
> dead with hardware failure, so I can't easily pursue it at the moment.
> If someone else could, that would be great. I had proposed the needed
> changes for opensaml2 for the next stable update, but didn't get a reply
> from the bug filed against release.debian.org. In this case, it may be
> best to ask team at security.debian.org whether this update should instead
> be done via the security queue since having the xmltooling fix without
> the opensaml2 fix breaks the package.
Let me know if I can help.
-- Scott
More information about the Pkg-shibboleth-devel
mailing list