Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use="signing" are broken
Ferenc Wagner
wferi at niif.hu
Wed Oct 7 12:49:12 UTC 2009
Faidon Liambotis <paravoid at debian.org> writes:
> Russ Allbery wrote:
>
>> Unfortunately, I'm both sick at the moment and my main computer is
>> dead with hardware failure, so I can't easily pursue it at the moment.
>> If someone else could, that would be great. I had proposed the needed
>> changes for opensaml2 for the next stable update, but didn't get a reply
>> from the bug filed against release.debian.org. In this case, it may be
>> best to ask team at security.debian.org whether this update should instead
>> be done via the security queue since having the xmltooling fix without
>> the opensaml2 fix breaks the package.
> Sorry to hear that.
>
> Unfortunately, it's more complicated than that; Scott said in an
> off-list mail that due to some weird gcc inlining, shibboleth-sp2 would
> need to be rebuilt as well.
>
> I can handle the uploads but considering the magnitude of the changes,
> I'd prefer it if one of your comaintainers could handle the update or
> even wait for you to get better. If you insist, though, say so and I'll
> NMU in coordination with the security and release teams.
Unfortunately Russ is the only DD in the team. While I can help with
building packages for example, I'm not familiar with the security
procedure and can't upload either.
--
Regards,
Feri.
More information about the Pkg-shibboleth-devel
mailing list