On 04/17/2016 01:58 PM, Sebastian Andrzej Siewior wrote: > On 2015-11-16 08:19:36 [-0700], Alex Rousskov wrote: >> On 11/14/2015 09:02 AM, Alex Rousskov wrote: >> >>> If we can provide a small better fix, we will. If a better fix requires >>> too many unrelated changes to this Polygraph version, we will provide a >>> patch that disables SSLv3 (until a recent Polygraph version with a >>> comprehensive fix is released). >> >> The attached patch allows Polygraph to be built with OpenSSL that does >> not support SSLv3 while preserving legacy functionality for those who >> need it.
> Current 4.9.0 version still has the problem. IIRC, the patch was developed after v4.9.0 was released. > Any reason why I should not NMU it? Not that I know of. If it works, please do! > Alex in case you need a sponsor then I could help with that. Yes, but, frankly, we probably need a maintainer. We are happy to do the legwork upstream, but do not have anybody with enough Debian knowledge to efficiently navigate the Debian-specific packaging process and related maintenance steps. AFAICT, sponsorship would be required (thank you!) but _insufficient_ to get the package fully up to date. For more details, please see: http://lists.web-polygraph.org/pipermail/users/2016-March/000313.html Thank you, Alex.