Comment 8 for bug 1401322

I have to agree with the sentiment that this should be backported on the grounds Ubuntu LTS releases are popular server operating systems which many folks rely on for day to day operations. As an LTS release its expected security issues will be taken care of as long as the release is supported. The idea that this is not being backported because it has the potential to break some applications which have made assumptions regarding certificate validation is beyond me and I find the notion that some internal team within Ubuntu is going to sit and fix applications invididually absolutely crazy. If individual application patching is being proposed it would seem more sane to simply backported the security fix and hunt for apps that are now unstable. If and when these apps are found folks at Ubuntu or in the general community should coordinate with the respective upstream to get the appropriate fixes in. IMHO holding back this update will do more harm then good.

As a potential compromise, might this be considered for backported in 14.04 only? I ask because, like @wkoot, I would rather not have to wait and later upgrade to Ubuntu 16.04 to see this security issue resolved.