[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#802159: New OpenSSL upstream version

On Tue, 20 Oct 2015, Kurt Roeckx wrote:
> So as already pointed out before, since the 1.0.0 release there is a
> new release strategy that in the 1.0.x series, where x doesn't change,
> no new features are added unless it's really needed for either
> security reasons or compatibility reasons. As far as I know between
> the version in oldstable (a patched 1.0.1e) and 1.0.1p only 1 feature
> got added, and people really have been asking for that one.
> OpenSSL upstream also already has a policy that at least 2 people from
> the team should review all the changes. Since there are so many
> changes I don't think it's reasonable for the release team to review
> all of them.

It certainly doesn't seem reasonable to expect the SRMs to review line
by line, but maybe a summary of the changes would help them make a

> The alternative is that I go and cherry pick the important bug fixes.
> By this time there are really a lot that I would like to have in the
> stable releases and I think going that way actually has a higher
> chance of breaking things.


SRMs: what would be the best way for Kurt to move forward? Would a list
of the specific bug fixes and additional features be enough for an
initial yes/no, given the review process upstream?

Don Armstrong                      http://www.donarmstrong.com

There is no more concentrated form of evil
than apathy.

Reply to: