On Wed, 29 Sep 2010 14:13:37 -0700, Kyle Bader wrote: > > Debian, being a volunteer organization, has it's upsides and > > downsides. The downside here being without an active volunteer > > interested in this problem, nothing has happened. > > > > What is needed here is someone to step up to the plate: file some bugs; > > try to find the patches; backport and test them; etc. Bottom line, > > a little work and communication with maintainers of the affected > > packages would go a long way toward resolving this. > > That was my initial goal in initiating this conversation. I provided > a link to the patches already: > > http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/jaunty/openssl/jaunty-proposed/revision/34 > > I installed the jaunty package on my lenny machines and the ff error > console warning is gone: > > https://debian-lenny.badercom.net/ > > It appears to work but whenever a package as critical as openssl is > modified it's important to have upstream take a look to make sure > everything looks good. Ubuntu may or may not have done this, I > haven't done the leg work to figure that out but it looks like that > could be the next step. If I/we/whoever can verify this or gain the > blessing of upstream would you consider updating the package Kurt if I > also coordinate this with the Debian apache and nginx packagers?
I could have sworn that renegotion in lenny's openssl was disabled. But according to the changelog, that looks to not be the case [0]. Based on that, I agree that a DSA should be issued. Mike [0] http://packages.debian.org/changelogs/pool/main/o/openssl/openssl_0.9.8g-15+lenny8/changelog -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
