Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

-1 On Tue, 10 Aug 2021 12:53:23 +0200, Matt Caswell wrote: > > topic: Revert the commits merged from PR #16027 in 1.1.1 > Comment: Refer to issue #16266 for background > Proposed by Tomas Mraz > Public: yes > opened: 2021-08-10 > closed: 2021-mm-dd > accepted: yes/no (for: X, against: Y, abstai

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

On Wed, 11 Aug 2021 21:20:42 +0200, Kurt Roeckx wrote: > > There are a lot of things we accept in a certificate we shouldn't. PR #16027 isn't about what our code accepts, but about what it *produces*. At the very least, I see an interop problem, because when certain necessary structure values ar

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

This vote is now closed: closed: 2021-08-13 accepted: yes (for: 5, against: 3, abstained: 1, not voted: 1) Tomas On Tue, 2021-08-10 at 11:53 +0100, Matt Caswell wrote: > topic: Revert the commits merged from PR #16027 in 1.1.1 > Comment: Refer to issue #16266 for background > Proposed by Tomas

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

On 11/08/2021 20:20, Kurt Roeckx wrote: But fixing them in stable branches is going to cause people problems and prevent them from upgrading to a newer version and getting other security fixes. This is actually an important point. We *want* people to upgrade to the latest patch release of a

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

On Wed, Aug 11, 2021 at 09:53:14PM +0300, Nicola Tuveri wrote: > On the other hand, 1.1.1 is not in its last year of support so it is not > limited to security fixes only. > > The commits which this vote proposes to revert fixed a bug that produced > invalid output from functions with a clear inte

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

On the other hand, 1.1.1 is not in its last year of support so it is not limited to security fixes only. The commits which this vote proposes to revert fixed a bug that produced invalid output from functions with a clear intent. This might have security repercussions, as the user might end up sign

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

On Tue, Aug 10, 2021 at 11:53:23AM +0100, Matt Caswell wrote: > topic: Revert the commits merged from PR #16027 in 1.1.1 +1 Kurt

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

As this vote is still ongoing I am going to somewhat promote its case. I really suspect that many applications albeit somewhat special ones will be broken by this change. So although the change can be surely viewed as a bug fix it is IMO wrong that it was merged to the 1.1.1 branch. Although there

Re: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

+0 Pauli On 10/8/21 8:53 pm, Matt Caswell wrote: topic: Revert the commits merged from PR #16027 in 1.1.1 Comment: Refer to issue #16266 for background Proposed by Tomas Mraz Public: yes opened: 2021-08-10 closed: 2021-mm-dd accepted:  yes/no  (for: X, against: Y, abstained: Z, not voted: T)  

RE: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

+1 > -Original Message- > From: openssl-project On Behalf Of Matt > Caswell > Sent: Tuesday, August 10, 2021 12:53 PM > To: openssl-project@openssl.org > Subject: OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1 > > topic: Revert the commits merged

OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1

topic: Revert the commits merged from PR #16027 in 1.1.1 Comment: Refer to issue #16266 for background Proposed by Tomas Mraz Public: yes opened: 2021-08-10 closed: 2021-mm-dd accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T) Dmitry [+1] Matt [+1] Pauli [ ]