> Debian, being a volunteer organization, has it's upsides and > downsides. The downside here being without an active volunteer > interested in this problem, nothing has happened. > > What is needed here is someone to step up to the plate: file some bugs; > try to find the patches; backport and test them; etc. Bottom line, > a little work and communication with maintainers of the affected > packages would go a long way toward resolving this.
That was my initial goal in initiating this conversation. I provided a link to the patches already: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/jaunty/openssl/jaunty-proposed/revision/34 I installed the jaunty package on my lenny machines and the ff error console warning is gone: https://debian-lenny.badercom.net/ It appears to work but whenever a package as critical as openssl is modified it's important to have upstream take a look to make sure everything looks good. Ubuntu may or may not have done this, I haven't done the leg work to figure that out but it looks like that could be the next step. If I/we/whoever can verify this or gain the blessing of upstream would you consider updating the package Kurt if I also coordinate this with the Debian apache and nginx packagers? -- Kyle -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktikisdrz91bovr2_eebmhonyk+15prafbeun1...@mail.gmail.com