OTC VOTE: Revert the commits merged from PR #16027 in 1.1.1
Tomas Mraz
tomas at openssl.org
Wed Aug 11 07:59:59 UTC 2021
As this vote is still ongoing I am going to somewhat promote its case.
I really suspect that many applications albeit somewhat special ones
will be broken by this change. So although the change can be surely
viewed as a bug fix it is IMO wrong that it was merged to the 1.1.1
branch.
Although there might be security implications of exporting an
incomplete/broken DER encoding, no concrete security issue was
presented that exists unless this bug is fixed.
On Tue, 2021-08-10 at 11:53 +0100, Matt Caswell wrote:
> topic: Revert the commits merged from PR #16027 in 1.1.1
> Comment: Refer to issue #16266 for background
> Proposed by Tomas Mraz
> Public: yes
> opened: 2021-08-10
> closed: 2021-mm-dd
> accepted: yes/no (for: X, against: Y, abstained: Z, not voted: T)
>
> Dmitry [+1]
> Matt [+1]
> Pauli [ ]
> Tim [-1]
> Richard [ ]
> Shane [-1]
> Tomas [+1]
> Kurt [ ]
> Matthias [ ]
> Nicola [-1]
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
More information about the openssl-project
mailing list