Re: OpenSSL 1.1.0

To: Adrian Bunk <bunk@stusta.de>
Cc: debian-devel@lists.debian.org
Subject: Re: OpenSSL 1.1.0
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Wed, 16 Nov 2016 00:15:39 +0100
Message-id: <[🔎] 20161115231538.ket2ziy6mcgfxtxk@breakpoint.cc>
In-reply-to: <[🔎] 20161114221614.s7unwm7v7axkhwc4@bunk.spdns.de>
References: <20160611123036.GA8321@roeckx.be> <[🔎] 08f61c5c-f711-67c9-fc56-c06a5df09868@bzed.de> <[🔎] 1479126404.3441753.787032041.59FC5B5E@webmail.messagingengine.com> <[🔎] 9305320.iY2l6Dq22s@tonks> <[🔎] 20161114155104.kq35t2doyuspqj4z@bongo.bofh.it> <[🔎] e31aa628-9885-2403-bded-d9823f517df6@thykier.net> <[🔎] 20161114221614.s7unwm7v7axkhwc4@bunk.spdns.de>

On 2016-11-15 00:16:14 [+0200], Adrian Bunk wrote:
> And since 80% of all OpenSSL-using packages in unstable are still
> using libssl1.0.2 (binNMUs have not yet happened), all runtime
> issues observed so far are only the tip of the iceberg.
> Bugs like "With Kurt's patch, apache2 crashes on startup with an invalid free." 
> or #843988 will be a common sight on the list of RC bugs for several
> months in any scenario with OpenSSL 1.1 as default.
Are you afraid of bugs or that nobody will look after them? Can't speak
for apache but #843988 got patched and so did #843532.

Sebastian

Reply to:

Follow-Ups:
- Re: OpenSSL 1.1.0
  - From: Adrian Bunk <bunk@stusta.de>

References:
- Re: OpenSSL 1.1.0
  - From: Bernd Zeimetz <bernd@bzed.de>
- Re: OpenSSL 1.1.0
  - From: Ondřej Surý <ondrej@sury.org>
- Re: OpenSSL 1.1.0
  - From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
- Re: OpenSSL 1.1.0
  - From: md@Linux.IT (Marco d'Itri)
- Re: OpenSSL 1.1.0
  - From: Niels Thykier <niels@thykier.net>
- Re: OpenSSL 1.1.0
  - From: Adrian Bunk <bunk@stusta.de>

Prev by Date: Re: OpenSSL 1.1.0 / transition process
Next by Date: Re: OpenSSL 1.1.0 / transition process
Previous by thread: Re: OpenSSL 1.1.0
Next by thread: Re: OpenSSL 1.1.0
Index(es):
- Date
- Thread