
Re: Latest openssl 1.0.2 for Jessie backports



On Wed, 28 Jun 2017, Sebastian Andrzej Siewior wrote:

> Hi,
> 
> I uploaded openssl_1.0.2l-1~bpo8+1 to jessie backports which got
> rejected because this version is not in stable. The stretch backports
> announcement said "From time to time … please talk to us on the list
> **before** upload the package.". So technically it is after but here I
> am :)
> In stable we have the source package openssl which contains the 1.1
> branch of openssl and the source package openssl1.0 which contains the
> 1.0.2 branch of openssl. For Jessie backports we would need to keep
> uploading the 1.0.2 branch as the openssl package.
> It is the same upstream source as in the openssl1.0 package.  The
> package is not identical to the openssl1.0 source package for a few
> reasons:
> - in backports we need to provide a different binary package for the
>   library (libssl1.0.2 vs libssl1.0.0) 
> - we also need to provide the openssl binary package (which is not
>   provided by the openssl1.0 source package but by openssl in stable).
> - in stable we disable RC4 and 3DES from the SSL suite. We can't do this
>   for Jessie because people will come screaming (they did after the
>   change made it to Stretch).
> 
> This backport is meant as a drop-in replacement for openssl package in
> Jessie which provides additional features like ALPN (used by nginx bpo).
I don't see any reasoning for such a big exception.
Why do you need that, for what? Currently I don't think it is a good idea and
openssl is not just a simple package.

Alex

