Hi Reinhard, Could you have a look at this patch <https://github.com/boxbackup/boxbackup/compare/debian_10_fix_ssl> (documented here <https://github.com/boxbackup/boxbackup/wiki/WeakSSLCertificates#workaround-2>) to see if it's something like what you were hoping for?
Thanks, Chris. On Fri, 31 May 2019 at 22:55, Reinhard Tartler <siret...@gmail.com> wrote: > > > On Fri, May 31, 2019 at 5:03 PM Chris Wilson <chris+goo...@qwirx.com> > wrote: > >> Hi Reinhard, >> >> Presumably the many other affected packages have had similar difficulty >> in developing a comprehensive solution? I also wasn't aware of a time >> constraint. Not that it would have helped me much, as I was moving house, >> but it would have been good to know that there was a risk of not making >> Debian 10. >> > > I'm sorry, I should have communicated that point earlier. I've been bitten > by this with other packages as well. > The release schedule is documented here: > https://wiki.debian.org/DebianBuster > The most recent update from the release team is > https://lists.debian.org/debian-devel-announce/2019/04/msg00003.html - > and newer updates will be linked from https://release.debian.org/. > > In short: The team is minimizing changes as much as possible, and getting > updates in becomes more and more a similar big deal as updating something > in stable. > > I could create a special branch with a cut-down version of the solution, >> e.g. forcing the SecurityLevel to -1 (compatibility and warn) for the time >> being, in order to get the fix out in time for Debian 10, and then put the >> full version into backports? >> > > That would be amazing, if the patch is easy to review, I'd be happy to > upload it as a distro patch based on the current package and try to get > this approved by the release team. It might even be accepted as a stable > update, depending on how invasive it is. > > > Thanks, > -rt > >
