Hello all,

Ola Lundqvist:
> As I can see it there are the following options:
> 1) Do nothing. Let it be like this. We have a regression problem but only
> for software that forks and uses nss in several threads.
> 2) Try to reverse the library split. This is a non-trivial task.
> 3) Try to fix the dlopen problem. I have tried in many ways but always
> fail. If anyone has a really good idea about this, please let me know.
> 4) Reverse the whole nss update. I'm not 100% sure how to do that as we did
> a version update and it is hard to "downgrade". We can certainly fix the
> CVE that this update solved. It should not be too hard.
>
> What do you all think is the best option?

I'd suggest a variation of 4, which is
- keep the latest NSS pkgs as is, which is equivalent to your option 1.
- for the oldstable users who suffer from this problem (like me), provide
  the previous NSS pkgs so that they can downgrade as their own choice.
- "provide" here means just to put the previous versions somewhere on
  Debian site as "hold-pkgs-for-oldstable" or something.

> The investigation has taken a considerable amount of time so I do not want
> to continue with this unless you really think it is important.

I appreciate your effort, Ola.

J. R. Okajima