Thank you for linking the Debian bug. > This bug is for Apache 2.2 not for Apache 2.4 so don't mark as fix released when thats not the case...
The status is defined to reflect the status in the development release, where it is fixed. I'll add a Precise task for you though, to track status for 12.04 specifically. > This has been fixed already in Debian 7.6 and there is a debdiff for it so there should not be a considerable amount of work to apply it right now. Agreed. That Debian has chosen to do this suggests that it may be a good idea for Ubuntu also, and that there is a way to minimise regression. > ...as the regression potential is near to zero Message https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733564#37 suggests that this is not true, and that we need to also patch openssl to avoid regressing Mac clients. Please can you expand on this? If someone can post a debdiff and post an accurate regression potential analysis, then I think it's fine to ask the SRU team to consider this case. I would still want someone to drive this please; both in preparing the patches for Ubuntu, and also in thoroughly testing for regressions during the SRU process. I would note though that 14.04 is out now, so an LTS path is also already available to users. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1197884 Title: apache2.2 SSL has no forward-secrecy: need ECDHE keys To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
