Re: OpenSSL 1.1.0

To: debian-devel@lists.debian.org
Subject: Re: OpenSSL 1.1.0
From: Adrian Bunk <bunk@stusta.de>
Date: Sat, 19 Nov 2016 00:19:53 +0200
Message-id: <[🔎] 20161118221953.dyxjuuc5s76xcplf@bunk.spdns.de>
In-reply-to: <[🔎] slrno2us9j.sfl.jmm@inutil.org>
References: <20160611123036.GA8321@roeckx.be> <[🔎] 9305320.iY2l6Dq22s@tonks> <[🔎] 20161114155104.kq35t2doyuspqj4z@bongo.bofh.it> <[🔎] 26896860.QpDLQxGf40@tonks> <[🔎] 20161115143453.ggkkubp3wg2cpznt@bunk.spdns.de> <[🔎] slrno2s94p.32l.jmm@inutil.org> <[🔎] 20161117230225.syjmiux7yi7ajveu@bunk.spdns.de> <[🔎] slrno2us9j.sfl.jmm@inutil.org>

On Fri, Nov 18, 2016 at 10:22:59PM +0100, Moritz Mühlenhoff wrote:
> Adrian Bunk <bunk@stusta.de> schrieb:
> > And/or get sponsorship from companies for supporting ChaCha20-patched 
> > 1.0.2
> 
> It's not a matter of whipping up some patch; anything less than an
> official backport of chacha20 into a 1.0.2x release is not going
> to be supportable.

Supporting 1.1.0 in addition to 1.0.2, including 2 years of supporting 
1.1.0 after upstream support for it ended - it is confirmed that Debian
is able and willing to support that.

Supporting 1.0.2 only [1] plus chacha20 patched into that - it is not 
obvious to me why this would be that much worse in comparison that
it would not be an option under any circumstances.

Whether it is the best available option is a separate question.

My current preference would be stretch 1.0.2-only[2], and an early 
buster a year later[3] if Fedora manages to make a release with 1.1
in June.

With dual 1.0.2/1.1 not working in the current release schedule,
what is your preferred solution?

> Cheers,
>         Moritz

cu
Adrian

[1] which should see a lot less code changes now that upstream
    is focussing on 1.1 and later
[2] with or without ChaCha20 patched
[3] my preference, whether the release team would agree I do not know

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply to:

Follow-Ups:
- Re: OpenSSL 1.1.0
  - From: Moritz Mühlenhoff <jmm@inutil.org>

References:
- Re: OpenSSL 1.1.0
  - From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
- Re: OpenSSL 1.1.0
  - From: md@Linux.IT (Marco d'Itri)
- Re: OpenSSL 1.1.0
  - From: Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>
- Re: OpenSSL 1.1.0
  - From: Adrian Bunk <bunk@stusta.de>
- Re: OpenSSL 1.1.0
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: OpenSSL 1.1.0
  - From: Adrian Bunk <bunk@stusta.de>
- Re: OpenSSL 1.1.0
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: testing OpenSSL 1.1.0 on jessie
Next by Date: Re: Bug#805116: ITP: wifi-switcher
Previous by thread: Re: OpenSSL 1.1.0
Next by thread: Re: OpenSSL 1.1.0
Index(es):
- Date
- Thread