Bug#802159: Bug#765639: Bug#802159: New OpenSSL upstream version
On Tue, 2015-12-15 at 21:19 +0100, Kurt Roeckx wrote:
> On Tue, Dec 15, 2015 at 08:00:59PM +0000, Adam D. Barratt wrote:
> > [dropped explicit CCs to RT and TC members]
> > On Tue, 2015-10-20 at 20:37 +0200, Kurt Roeckx wrote:
> > > On Tue, Oct 20, 2015 at 01:12:42PM -0500, Don Armstrong wrote:
> > > > So from what I'm gathering, this looks like a case where there isn't
> > > > enough eyeballs to adequately review this particularly set of updates,
> > > > coupled with the importance of making sure that these updates are
> > > > correct and don't cause any unintended issues.
> > >
> > > There is always the case that one persons bug is an other persons
> > > feature. But those new upstream versions have been in stable and
> > > testing for a while now without actually breaking anything.
> > (I'm assuming "unstable".)
> I really meant stable. stable has a newer version than oldstable
> from the same 1.0.1 series.
However 1.0.1q hasn't been in stable at all, which is presumably what
you'd be proposing introducing to oldstable at this juncture. (and which
we'd therefore need to introduce to stable first, if we were to agree to
follow that path.)
Admittedly, the description of the changes between 1.0.1k and 1.0.1q,
according to NEWS/CHANGES don't immediately look crazy.