-=| gregor herrmann, 25.05.2022 22:24:09 +0200 |=-
> On Sun, 07 Jun 2020 17:45:41 +0100, Dominic Hargreaves wrote:
>
> > Correction, given the amount of time that's passed and that I'm not
> > even sure if the person who responded negatively on the previous
> > issue speaks for the current maintainers, I have opened a new issue:
> >
> > https://github.com/chansen/p5-http-tiny/issues/134
>
> Revisiting this issue now, the state seems to be:
>
> The upstream ticket was closed with
>
> "On reflection, we shouldn't make this change for backwards compatibility."
>
> So I guess we are back to the point where we have to discuss if we
> want to make the change on the Debian side and carry the patch (and
> keep the pieces if something breaks).
>
> I think we had a tendency to say "this change makes sense" and "it
> doesn't look like huge breakage ahead" but I guess someone needs to
> pick up this issue and take a deeper look.

I think we should make the change in Debian despite upstream's decision.
Anything that breaks was already insecure and keeping it that way is
actually a disservice.

If I understand correctly we are talking about a fix in unstable that would
propagate to the next stable release in the usual manner. Contrary to a
security update, this gives users plenty of time for tests.

-- Damyan