I appreciate your detailed explanation, era. Thank you.
On 1/19/21 10:07 PM, era wrote:
The following is based on my -- possibly limited -- understanding based on
reading through the bug reports around this.
On Wed, Jan 20, 2021, at 05:56, Deb-user wrote:
Thank you for your reply. Yes, the workaround works, but I feel that
this is still a bug in the package. I'm also not sure how safe it is to
disable TLS 1.3.
Your options at this point are then, in no particular order;
* Live without ELPA (easy if you can live with base Emacs; hard if you need
ELPA packages);
* Find or create a backport of the TLS1.3 handling fix yourself, and use that
instead of the Debian-packaged Emacs;
* Turn off TLS1.3 and take steps to mitigate the risks (not sure what exactly
that would look like in practice)
I believe Emacs version 26.3 fixes this. I don't know how updating
packages works in stable releases, or if it is even possible. I am new
to Debian.
In normal circumstances, the "stable" version does not get updates except for
critical security fixes. However, there was already one attempt at fixing this particular
bug which however doesn't seem to work satisfactorily, which is apparently what caused
this bug to be submitted. There definitely won't be a 26.3 in Buster, but perhaps the
maintainer would still like to take another stab at providing a backport for 26.1 which
actually works, and release that fix to Buster.
Perhaps see also the discussion in the linked original bug
https://bugs.debian.org/942413
/* era */
