On Thu, May 01, 2025 at 10:55:27PM +0200, Simon Josefsson wrote: > Thanks for debugging! Seems okay for a quick fix but a proper fix should work > with both new and old configs. I suspect some GSSAPI flag or parameter may > trigger this, even if it can be fixed in dovecot I would want to review if > gsasl could or should behave differently anyway. I recall some shortcuts in > this area, and channel bindings have bad interop history. I am traveling so > no laptop but feel free to nmu as you prefer. >
Agreed; for now, within Debian, we can stick to a single version. That might make backports harder, but that doesn't look like it'll be an issue for gsasl based on its history. Since the test is part of upstream's source, though, it makes sense to support both versions there. For dovecot in trixie, I'm considering reverting channel binding support altogether. That'll force us to drop SCRAM-SHA-1-PLUS and SCRAM-SHA-256-PLUS support, but I'd rather do that than ship dovecot 2.3 again, which is the most likely alternative. (This assumes that I don't find a proper fix for the regression.) noah
