Am 05.07.22 um 09:23 schrieb Raphaël Hertzog:
as Kali is based on Debian testing, our users started to experience
the git snapshot of OpenVPN that you uploaded. Unfortunately, we got
multiple reports that their VPN break because many VPN services ship .opvn
files that rely on --cipher.
At the same time, it's not really reasonable to expect (commercial)
services to be ready for a version of OpenVPN that is not released yet.
Upstream OpenVPN contributors are blaming Debian/Kali for this choice:
https://forums.openvpn.net/viewtopic.php?p=107165#p107154
As such I really believe that this git snapshot should have stayed in
experimental. Why was it uploaded to unstable before its upstream
release?
I respectfully disagree. This is what unstable/testing is for. 2.6 is to
be released really soon, it contains breaking changes which we need to
iron out / document with both upstream and Debian packaging. This can't
wait until the last minute before the freeze. The 2.6 upload was
influenced by OpenSSL 3.0, but this was definitely not the only reason
to do this.
If we don't want to switch back to 2.5.x, it might make sense to
temporarily revert the backwards incompatible change
that breaks most people's setup, I'm speaking of this commit:
https://github.com/OpenVPN/openvpn/commit/65f6da8eeb84fbcea357765e13fa73d0169a143c
I don't see a good reason to do this in Debian. We either have to keep
that change forever, or at some point later revert the revert, which
will immediately break these setups again. At least this way users see a
major version upgrade in their apt log.
This could be discussed with upstream.
Bernhard
