[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSL 1.1.0

On Tue, Nov 15, 2016 at 07:03:28PM +1100, Scott Leggett wrote:
> On 2016-11-15.00:16, Adrian Bunk wrote:
> > Bugs like "With Kurt's patch, apache2 crashes on startup with an invalid free." 
> > or #843988 will be a common sight on the list of RC bugs for several
> > months in any scenario with OpenSSL 1.1 as default.
> >
> > ...
> >
> > 2. move the stretch release schedule by 6-12 months to have
> >    only OpenSSL 1.1 in stretch
> 
> So with OpenSSL 1.1 in stretch, the release schedule is going to move by
> 6-12 months regardless?

Shipping OpenSSL 1.1 as security-supported technology preview in stretch,
and a few packages that both work with OpenSSL 1.1 and do not have 
inter(r)dependencies with packages that don't work properly with OpenSSL 
1.1 could use it - that would be possible without negative impact on the 
release schedule.

> Regards,
> Scott.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed
Reply to: