Mathieu Parent: > severity 854819 serious > tag 854819 - patch + upstream > tag 849151 - patch > thanks > > Some news about this: upstream has worked on this, but I needed two > more patches for complete support > (https://github.com/horde/horde/pull/221). > > Niels, I plan to do the following: > - wait one week until the Horde team review and hopefully merge my > pull-request > - upload to sid 2.7.8 with my PR (or that might be 2.7.9 if PR is merged) > - ask an unblock request > > Appart from GnuPG support (and style or comment changes), 2.7.5..2.7.8 > includes the change "Correctly specify either sha-1 or sha-256 when > signing a smime message." which is worth having given that sha1 is > dead now. > > Niels, what do you think about this plan? > > Regards >
I have not seen the actual changes of these upstream releases, so I cannot comment on them. Given we are in a freeze, I can only recommend going with targeted fixes (which can include the "smime sha"-fix if that makes sense). That said, if the diff for 2.7.5..2.7.8 is short and reviewable, I can be probably persuaded to consider it. FYI: These fixes (regardless of which path we go with) should probably be in unstable within week. Preferably sooner. Thanks, ~Niels