1 * Give the security team a change to comment on the included code from
2 wpa_supplicant. There's really no other way; their ABI is not
3 stable enough that it would make sense to build eap shared libraries
4 out of the wpa_supplicant package. The code is relatively stable,
5 and I think this is the best approach but the security team should
8 * Confirm there are not security fixes we need to pull in from wpa_supplicant.
10 * Not a release blocker for jessie although the security fix
11 confirmation above certainly is. Upgrade to latest wpa_supplicant.
12 We have a procedure for doing that (subtree merge of our git master
13 branch), but we have higher priorities before the jessie freeze.