Scott Kitterman: > On Sunday, March 10, 2019 11:11:15 AM Wietse Venema wrote: > > Scott Kitterman: > > > I received the bug report/patch below from a Debian user. I'm somewhat > > > busy this weekend/week, so I decided to forward it without evaluation > > > rather than sit on it for a week until I could research it. > > > > > > I attempted to remove the distro specific noise from the report. > > > > Sorry for making you the guinea pig. > > > > I am considering to withdraw Postfix 3.4 and do a proper Postfix > > 3.5 release as planned later this year. We can't afford having a > > stable release with bug-of-the-week fixes like we have now. > > I knew I was taking a risk jumping to 3.4 late in our release cycle. > > A week from now when it hits Debian Testing, the user base will grow > significantly and we'll get more feedback. > > I guess there weren't enough testers for 3.4 before release. I don't know > that that situation will be better later in the year for 3.5. From my point > of view (I don't know about other distros/OS), it would be somewhat painful to > stay on 3.3 for the next release at this point, but it'll be a lot harder a > week from now. > > My preference would be to press on with 3.4 (I don't mind packaging the bug > fixes if you don't mind releasing them), but if you are going to withdraw 3.4 > please do it before next Sunday so I can keep it out of the next Debian > release.
We know of multiple bugs that broke 'desirable functionality' after an overhaul of the TLS stack, and that were kindly brought to the developer's attention by folks like you. I have to consider the possibility that the same overhaul introduced an equal if not larger number of bugs with 'undesirable functionality', and that these bugs will be found by not-so-kind folks, who will report them only if it helps to promote themselves while at the same time destroying Postfix's good reputation. Wietse