[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Latest openssl 1.0.2 for Jessie backports

On 2017-06-30 11:13:01 [+0200], Micha Lenk wrote:
> Hi Sebastian,
HI Micha,

> I wonder whether there is still any need for a 1.0.2 backport if OpenSSL
> 1.1.0 from stretch were backported instead. Isn't the package for OpenSSL

We need to keep providing 1.0.2 for jessie-bpo due to security related
updates. As I pointed out, this release does not close any security
releated bugs (this is what upstream said) but it might be true for
further releases. So we can't just stop shipping 1.0.2 for Jessie-bpo.
The other way out would be to remove the current Jessie-bpo release of
openssl but as you saw in this thread there were people against it.

> 1.1.0 co-installable with the packages for OpenSSL 1.0.x?

It is but I miss the point. I don't see the need to upload 1.1.0 to
Jessie-bpo. Remember Stretch has a bunch of packages updated for the new
ABI. So amount of possible users in Jessie is close to 0.  And the
openssl binary package breaks at least sendmail on top of my head.

> Regards,
> Micha

Sebastian
Reply to: