On Wed, Aug 11, 2021 at 09:53:14PM +0300, Nicola Tuveri wrote:
> On the other hand, 1.1.1 is not in its last year of support so it is not
> limited to security fixes only.
>
> The commits which this vote proposes to revert fixed a bug that produced
> invalid output from functions with a clear intent.
> This might have security repercussions, as the user might end up signing
> something which is unexpectedly invalid.
> But even without concrete security vulnerabilities on record, if we
> classify invalid output as a bug this should be fixed in 1.1.1.
>
> There are applications that might be broken, because they relied on the
> buggy behavior for producing invalid output as intermediate data, but, as
> mentioned in #16266, there are ways of producing the required non-x509 data
> without abusing functions meant to produce valid x509.
>
> It is unfortunate for existing applications to break upon a patch release,
> but given that patch releases for 1.1.1 are meant to fix security defects
> and bugs, this is inevitable for any application relying on buggy behavior
> (especially as in the case that triggered this discussion, which configures
> a clear abuse of the API, while alternative non-abusive ways of achieving
> the intended result exist).
There are a lot of things we accept in a certificate we shouldn't. And I would like to fix all of them. But fixing them in stable branches is going to cause people problems and prevent them from upgrading to a newer version and getting other security fixes. I prefer to only do breaking changes in a minor version.

Kurt