A change in behavior because OpenLDAP has switched to using a different parser for cipher suites than what was in place previously isn't "broken behavior on GnuTLS' part".
Steve: the fact that the behavior changed isn't "broken"; the fact that the behavior is so completely different from the official GnuTLS documentation *is*.
Your continuous maligning of GnuTLS in Debian bug reports is unhelpful; we cannot ship libldap linked against OpenSSL for license reasons, so reminding us how much you disapprove of GnuTLS isn't going to change anything - aside from discouraging me from spending time on bug mail for the openldap package.
As software and security professionals, we cannot in good conscience stand mute on the subject. The quality of the code in GnuTLS is obviously low, the risk of security vulnerabilities is high, and the cost in maintenance is only going up. Whether you want to hear it or not, we are obligated to state for the record that using GnuTLS is a bad idea, because that's the objective truth.
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/