squid3 helper basic_pop3_auth crashes

Bug #1755189 reported by PAJ
This bug affects 1 person
Affects             Status         Importance   Assigned to   Milestone
squid (Ubuntu)      Fix Released   Undecided    Unassigned
  Xenial            Invalid        Undecided    Unassigned
  Bionic            Invalid        Undecided    Unassigned
  Cosmic            Won't Fix      Medium       Unassigned
squid3 (Ubuntu)     Invalid        Medium       Unassigned
  Xenial            Won't Fix      Medium       Unassigned
  Bionic            Incomplete     Medium       Lena Voytek
  Cosmic            Invalid        Undecided    Unassigned

Bug Description

[Impact]

The basic_pop3_auth command immediately fails when run in Bionic.

Backporting this fix will allow users to authenticate user credentials against a POP3 server as intended.

This is fixed by patching in an upstream commit that properly declares variables in the authentication script.

[Test Plan]

# lxc launch images:ubuntu/bionic test
# lxc exec test bash

# apt update && apt dist-upgrade
# apt install -y squid3

# /usr/lib/squid/basic_pop3_auth

Global symbol "$server" requires explicit package name (did you forget to declare "my $server"?) at /usr/lib/squid/basic_pop3_auth line 92.
Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at /usr/lib/squid/basic_pop3_auth line 99.
Global symbol "$server" requires explicit package name (did you forget to declare "my $server"?) at /usr/lib/squid/basic_pop3_auth line 99.
Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at /usr/lib/squid/basic_pop3_auth line 100.
Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at /usr/lib/squid/basic_pop3_auth line 106.
Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at /usr/lib/squid/basic_pop3_auth line 111.
Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at /usr/lib/squid/basic_pop3_auth line 112.
Execution of /usr/lib/squid/basic_pop3_auth aborted due to compilation errors.

[Where problems could occur]

Since the authentication is now able to continue without crashing, problems could occur further down in the script. This could include modifications to the POP3 server used for authentication.

The behavior should now match that of the other currently supported distributions, and the script is external to the rest of squid3, but up until now this script has not successfully run on Bionic.

[Original Description]

Ubuntu Xenial
perl is v5.22.1
squid3 version 3.5.12-1ubuntu7.5
Running basic_pop3_auth pop3_server gives :

Global symbol "$server" requires explicit package name (did you forget to declare "my $server"?) at ./basic_pop3_auth line 92.
Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 99.
Global symbol "$server" requires explicit package name (did you forget to declare "my $server"?) at ./basic_pop3_auth line 99.
Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 100.
Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 106.
Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 111.
Global symbol "$pop" requires explicit package name (did you forget to declare "my $pop"?) at ./basic_pop3_auth line 112.
./basic_pop3_auth had compilation errors.

Adding "my" before $server on line 92 and before $pop on line 99 solves the problem.

Andreas Hasenack (ahasenack) wrote :

Confirmed, and it's still a problem in git upstream even. Looks like not many people use this script, or maybe a more recent perl is enforcing something that it wasn't before.

Changed in squid3 (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Andreas Hasenack (ahasenack) wrote :

Still valid.

tags: added: bitesize
Andreas Hasenack (ahasenack) wrote :

This is fixed in disco, which ships squid 4.

Andreas Hasenack (ahasenack) wrote :

Hm, this is complicated to manage in lp. Cosmic has the package "squid" (not squid3), and is affected. Disco has "squid" but is NOT affected.

Xenial and Bionic have "squid3", and are affected.

Changed in squid3 (Ubuntu Cosmic):
status: New → Invalid
Changed in squid (Ubuntu Bionic):
status: New → Invalid
Changed in squid (Ubuntu Xenial):
status: New → Invalid
Changed in squid (Ubuntu):
status: New → Fix Released
Changed in squid3 (Ubuntu):
status: Triaged → Invalid
Changed in squid3 (Ubuntu Xenial):
status: New → Triaged
Changed in squid3 (Ubuntu Bionic):
status: New → Triaged
Changed in squid (Ubuntu Cosmic):
status: New → Triaged
importance: Undecided → Medium
Changed in squid3 (Ubuntu Xenial):
importance: Undecided → Medium
Changed in squid3 (Ubuntu Bionic):
importance: Undecided → Medium
Sergio Durigan Junior (sergiodj) wrote :

Cosmic reached EOL in 2019; Xenial entered ESM last year. Therefore, marking this bug as Won't Fix for both.

Changed in squid3 (Ubuntu Xenial):
status: Triaged → Won't Fix
Changed in squid (Ubuntu Cosmic):
status: Triaged → Won't Fix
Lena Voytek (lvoytek)
Changed in squid3 (Ubuntu Bionic):
assignee: nobody → Lena Voytek (lvoytek)
Lena Voytek (lvoytek)
Changed in squid3 (Ubuntu Bionic):
status: Triaged → In Progress
Lena Voytek (lvoytek)
description: updated
Robie Basak (racb) wrote :

Thank you for working on this!

I agree this is a trivial fix that is unlikely to impact anything outside of the feature that is already broken.

However, I think it's fair to say that this is fixing a feature that is in a really obscure corner of use cases. Is there even a single user who will benefit from this SRU today? If yes, then I'm happy to accept this upload. But if no then I'm reluctant. Every SRU comes at a cost. There is some regression risk in the act of rebuilding itself. But there is also cost in that it is frustrating for users to receive a deluge of updates every week - in download size and time, in local risk and downtime during service restarts, and so on.

> [Where problems could occur]

> Since the authentication is now able to continue without crashing, problems could occur further down in the script. This could include modifications to the POP3 server used for authentication.

This was also my thought on reading your Test Plan. I appreciate you identifying this limitation!

Due to the cost to users, if we are going to fix this obscure use case, I would like at a minimum to confirm that we are actually fixing this feature all the way through such that the feature actually works. I want to avoid fixing this now, forcing unaffected users to update, and later finding that the actual feature doesn't fully work and forcing them to update again to fix that again.

Conclusions:

1) Please figure out a Test Plan that fully tests the feature, rather than just getting past this single failure. This requirement might mean that it's not worth the work effort in continuing until we have at least one user confirming they would benefit from landing this fix. In that case I think it would be fine to wait until that happens.

2) I'm going to mark this bug block-proposed-bionic so that it doesn't land until/unless at least one real user is confirmed still affected, or if there's a case made for a practical chance that a user will be affected in the future (seems unlikely on Bionic with Jammy just round the corner now). SRU verification can continue as normal, and after that if there's a security or other update necessary then the fix can be bundled with that so as not to cause any additional unaffected user impact.

tags: added: block-proposed-bionic
Robie Basak (racb) wrote :

If any user is still affected by this bug in 18.04 and would benefit from it being fixed, then your feedback would be appreciated. Please speak up!

Changed in squid3 (Ubuntu Bionic):
status: In Progress → Incomplete
Brian Murray (brian-murray) wrote : Proposed package upload rejected

An upload of squid3 to bionic-proposed has been rejected from the upload queue for the following reason: "There don't seem to be any users affected by this bug. If they turn up we can always accept the package from the rejected queue.".
