Add Zstd compression module

Bug #1829383 reported by Paweł Krawczyk on 2019-05-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nginx (Ubuntu)
Wishlist
Unassigned

Bug Description

These two modules are now pretty mainstream and should be available within Ubuntu repo (e.g. nginx-extras line):

https://github.com/tokers/zstd-nginx-module

https://github.com/google/ngx_brotli (REJECTED, see comments --teward)

Thomas Ward (teward) wrote :

Brotli was rejected for inclusion in Ubuntu NGINX after discussion with the Security Team. This was discussed in https://answers.launchpad.net/ubuntu/+source/nginx/+question/678209 There has been no movement in Security Team concerns or any effort to fix a variant of BREACH that is still present in Brotli compression, therefore Brotli remains rejected for inclusion under the same reasoning that was provided back in January.

zstd has not been vetted yet. This requires Security team consultation before it can be continued.

Per Bug Processing guidelines I am setting this bug as "New" and "Wishlist" importance.

Changed in nginx (Ubuntu):
importance: Undecided → Wishlist
summary: - Add Brotli and Zstd compression modules
+ Add Zstd compression module
description: updated

Thank you, makes perfect sense. I have preemptively suggested improvements to the zstd module to avoid repeating the issues with brotli.

Thomas Ward (teward) wrote :

Going back to Brotli, though, because I did double check with the Sec Team:

I have consulted with Seth Arnold on the Security Team, and given the Code Bugs identified in Brotli still (and not unfixed), Brotli remains in the "Not Suitable for Inclusion" list. Therefore, Brotli will not be considered.

(Still have to look at zstd, but... they busy, the Security Team...)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers