On Tue, Dec 13, 2016 at 19:19:53 +0100, Michael Biebl wrote: > Am 13.12.2016 um 18:22 schrieb Michael Biebl: > > Control: forwarded -1 https://bugzilla.gnome.org/show_bug.cgi?id=776045 > > > > Am 13.12.2016 um 18:02 schrieb Michael Biebl: > >> Am 13.12.2016 um 16:53 schrieb Alberto Gonzalez Iniesta: > >>> Hi there, > >>> > >>> The --tls-remote was removed in OpenVPN 2.4, and was already marked as > >>> DEPRECATED in OpenVPN 2.3. From OpenVPN 2.3's manpage: > >>> > >>> Please also note: This option is now deprecated. It will be removed > >>> either in OpenVPN v2.4 or v2.5. So please make sure you support the new > >>> X.509 name formatting described with the --compat-names option as > >>> soon as possible by updating your configurations to use > >>> --verify-x509-name instead. > >>> > >>> IMHO this should have been fixed in network-manager-openvpn before 2.4 > >>> arrived. > >> > >> Ok, thanks for the info. > >> I've cloned this bug report for openvpn. It needs a versioned Breaks > >> against network-manager-openvpn once a fixed version has been uploaded, to > >> avoid breakage on partial uploads. > >> > >> I'll ping you once such a version is available. > > > > I've blocked the two bugs accordingly and forwarded the issue to upstream. > > Looking at https://codesearch.debian.net/search?q=tls-remote > there are possibly more packages which are affected. > Have you notified them about this and/or checked that they are not affected? > > I'm not sure if it's a bit late at this point of the release cycle to > introduce such a change in openvpn. I've CCed the release-team on their > input on this, i.e. whether we want openvpn in stretch 2.4 and how the > removal of tls-remote should be handled. > Now is not the time to make incompatible changes affecting other packages? How hard would it be to provide backwards compatibility here?
Cheers, Julien