markt-asf commented on PR #38: URL: https://github.com/apache/tomcat-native/pull/38#issuecomment-3859136065
If we ignore the dramatics, this boils down to an assessment of the risk that a CA might deploy a malfunctioning OCSP responder vs the risk of applying the patch and the ongoing maintenance cost. Is the cost of protecting Tomcat Native against the CA making a mistake worth it given the likelihood of that mistake happening?

I think both the risk of a malfunctioning responder and the risk of applying the patch are very low. The ongoing maintenance is minimal.

If this PR had been presented without the dramatics I think I would have reviewed it, concluded the check was a reasonable one to make and committed it.

Therefore, I intend to commit this later today (before I tag the next round of releases) unless there are objections.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
