Hi, On Sat, Apr 12, 2025 at 05:40:15PM +0200, Sylvain Beucler wrote: > Hi, > > For the record I referenced the patch to track progress, but until it's > validated by upstream we (LTS Team) usually don't recommend applying PRs in > the packaging. > (Unless this was intentional e.g. so it could be tested widely in Debian > unstable.) > > Upstream just answered with reservations about including the patch, it may > be worth discussing with them :) > https://github.com/hoytech/String-Compare-ConstantTime/pull/21#issuecomment-2798871668
Yes I think we should revert the patch for now until there is agreement that it's the way to go and not diverge from (the after all documented) behaviour. If it get merged and the documentation updated upstream then then have it in any case first exposed via unstable, we then still could decide on what to do for bookworm (ignoring might be an option). I was pondering actually to have the issue marked as unimportant adding a note that it behaves as documented, but would like to hear a comment from Moritz on that if he agrees. Regards, Salvatore
