Thanks for the detailed test case, maybe it can become an autopkgtest next ;)
About the SRU: a) Where problems could occur There you are explaining how the fix works, but not what could go wrong. The immediate impact here is that this update could be breaking jwt authentication entirely. perhaps even the single aud case which has been working so far. You are hinting that the fix also copes with the case where "aud" is a single object and not an array, but the test plan seems to be testing only the array case. This is where it all comes together: in order to avoid a regression (breaking the single aud case, for example), the test plan could be augmented to also test that case. This is linking "what could go wrong" with coverage in the test plan. b) Linked to (a), could you then expand the test case to also test for the single aud case? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2142200 Title: dovecot-core: OAuth2 JWT validation fails with client_id set but aud is missing when aud claim is an array To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/2142200/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
