Bug#802159: New OpenSSL upstream version

[Don Armstrong <don@debian.org>]

On Sat, 31 Oct 2015, Kurt Roeckx wrote:
> On Fri, Oct 30, 2015 at 02:38:13PM -0700, Don Armstrong wrote:
> > On Tue, 20 Oct 2015, Don Armstrong wrote:
> > > If there's something specific that you'd like the CTTE to try to do
> > > beyond what I've just reported now, let me know.
> > 
> > Let me know if you'd like the CTTE to do something beyond what I've
> > already done.
> 
> I guess I would like to know what the options are.  The way I see
> it:
> - The release team makes a decision
> - The release team asks someone else to make the decision

If the SRMs want to delegate their decision to the CTTE in this specific
case, they can, and then the CTTE would be able to decide.

> - Someone makes a policy of what is acceptable, not the current
> situtation where there don't seem to be any rules.

This doesn't require the CTTE itself, though certainly we could be
tasked with suggesting a policy. I'd much rather have the SRMs task a
specific individual with this, though.

In this specific case, the specific set of changes which have been made,
coupled with documenting the policy of upstream for testing and making
changes to openssl would be a good start.

This is necessary for the SRMs (or CTTE if delegated) to decide, and
would be a basis for someone else developing a policy for newer upstream
revisions in stable.

-- 
Don Armstrong                      http://www.donarmstrong.com

An elephant: A mouse built to government specifications.
 -- Robert Heinlein _Time Enough For Love_ p244