[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Latest openssl 1.0.2 for Jessie backports

On Wed, 28 Jun 2017, Jan Ingvoldstad wrote:

> As I understand it, backporting OpenSSL 1.1.0, which would seem to be
> the alternative, has wider ranging consequences:

Backporting *any* OpenSSL has massive impact on anything using it
*and* massive security implications (as in, how fast can you provide
backported fixes?).

Furthermore, it also impacts others’ backports. Maintainers know how
to patch their applications for the OpenSSL from stable and testing,
but to introduce something else into the mix…?

With a high-profile package like OpenSSL, I’d personally like to see
no backport at all, but in any case not without the maintainer (in
sid) agreeing, due to the dangers involved.

tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

Reply to: