© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Robie:
- Agree the regression potential is likely moderate given the nature of the change. That said, the change is implemented already in newer Ubuntu releases via inclusion of newer GnuTLS releases, which may provide some degree of confidence in the correctness of the fix.
- Unclear how best to test that regressions aren't introduced. Does GnuTLS have an existing appropriate test suite which can be leveraged? I can say we've been running a patched build of GnuTLS per earlier attachment on our servers without issue, but that's obviously not sufficient for any sort of sign-off.
- Very strongly agree that this patch needs to be reviewed by someone suitably knowledgeable about GnuTLS internals and the relevant security topics. The included patch is just a cherry-pick of the relevant commit which fixes the issue upstream.
- The patch does not fix a security issue, but does fix a bug in security sensitive code. In that respect, bugs in the patch could obviously very easily introduce security issues, so careful review is required.
All of the above said, I'm not sure I can contribute much more than I already have. The issue is identified, I've backported the relevant commit, and can confirm it works based on my own testing and internal deployment at my workplace. What's needed now is review of the fix and potentially more testing.