Sam Hartman <hartm...@debian.org> writes: > Shibboleth comprises opensaml, xmltooling, heavily depends on > xml-security-c and shibboleth-sp2.
> Ferenc Wágner (copied) has been handling the Shibboleth packaging and > has an understanding of where the upstream efforts are. There's been > discussion on pkg-shibboleth-...@lists.alioth.debian.org. Shibboleth upstream has said that they believe the porting effort to be substantial, since Shibboleth (specifically the lower-level libraries) heavily use OpenSSL key management and manipulation APIs that are very affected by the API change, and because (as security software) the consequences of making a small error in the API change can be very high. Upstream is working on the changes and on comprehensive tests to ensure that the port was done correctly, but their timeline doesn't line up well with our release freeze. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
