Hi,

Specifically, we were hoping to better understand the risk of openssl changes breaking existing setups. It's possible the issues with gnutls and libnet-ssleay-perl tests were narrowly scoped enough that that risk is low, but we're just not sure right now. Other input would be welcome.

Thanks,
Julien

On Mon, Mar 21, 2022 at 08:23:20PM +0000, Adam D. Barratt wrote:
> On Sun, 2022-03-20 at 22:00 +0100, Paul Gevers wrote:
> > Dear Sebastian, Kurt,
> >
> > On 19-03-2022 12:33, Adam D Barratt wrote:
> > > Upload details
> > > ==============
> > >
> > > Package: openssl
> > > Version: 1.1.1n-0+deb10u1
> > >
> > > Explanation: new upstream release
> >
> > We're seeing a regression in buster in the autopkgtest of gnutls28 with
> > the new version of openssl on all tested architectures. Can you please
> > have a look and advise? (bullseye doesn't seem to have the test anymore,
> > hence it doesn't fail).
>
> Thanks to both Kurt and Sebastian for quickly identifying the issue
> here, and to Adrian Bunk for the libnet-ssleay-perl fix.
>
> There's been some continued discussion today as to whether we feel
> comfortable releasing the update with the 10.12 point release when we
> have only been finding such issues during the week leading up to the
> point release.
>
> I fully appreciate that the large delays in getting to this point were
> mostly on our part, and that postponing the release until 10.13 would
> likely be frustrating, but the worry is that we don't have a good view
> of the changes that might be user-affecting in order to be comfortable
> with potential behaviour changes landing in oldstable - for example,
> the libnet-ssleay-perl issue appears to be related to 1024-bit keys no
> longer being accepted by default; while in general this is obviously a
> desirable behaviour, it is nonetheless a change in the behaviour
> compared to the current package in buster.
>
> The situation is also slightly complicated by the fact the
> debian-installer uses OpenSSL internally, so we are also under internal
> time pressure to reach a conclusion, in order to be able to proceed with
> the installer build for the point release, rather than being able to
> leave the decision until the end of the week.
>
> Thank you for bearing with us.
>
> Regards,
>
> Adam