Re: Latest openssl 1.0.2 for Jessie backports
On Wed, 28 Jun 2017, Sebastian Andrzej Siewior wrote:
> Hi,
>
> I uploaded openssl_1.0.2l-1~bpo8+1 to jessie backports which got
> rejected because this version is not in stable. The stretch backports
> announcement said "From time to time … please talk to us on the list
> **before** upload the package.". So technically it is after but here I
> am :)
> In stable we have the source package openssl which contains the 1.1
> branch of openssl and the source package openssl1.0 which contains the
> 1.0.2 branch of openssl. For Jessie backports we would need to keep
> uploading the 1.0.2 branch as the openssl package.
> It is the same upstream source as in the openssl1.0 package. The
> package is not identical to the openssl1.0 source package for a few
> reasons:
> - in backports we need to provide a different binary package for the
> library (libssl1.0.2 vs libssl1.0.0)
> - we also need to provide the openssl binary package (which is not
> provided by the openssl1.0 source package but by openssl in stable).
> - in stable we disable RC4 and 3DES from the SSL suite. We can't do this
> for Jessie because people will come screaming (they did after the
> change made it to Stretch).
>
> This backport is meant as a drop-in replacement for openssl package in
> Jessie which provides additional features like ALPN (used by nginx bpo).
I don't see any reasoning for such a big exeception.
Why do you need that, for what? Currently I don't think it is a good idea and
openssl is not just a simple package.
Alex
Reply to: