On Wed, Jun 22, 2022 at 02:21:43PM +0000, Lance Lin wrote: > > AFAIK this library is forked from OpenSSL with some extensive > > modifications to support new crypto technologies, do you think we need > > to involve the Security Team to review whether this package can be > > supported during the next stable release cycle? > > Also this project has a planned rename, and I'm a bit concerned this > > could cause some maintenance burden if the rename is not well > > coordinated at the time we accept it into Debian. > > I think any reviews and oversight are a good thing. In making this ITP, > I figured it would cause discussion as it's a "drop-in" replacement for > OpenSSL and the libraries have the same name. I wasn't sure if this was > directly permitted so the ITP is a good place to have the discussion. Have you already designed how will this be packaged to work as a drop-in replacement for libssl3? I see quite a lot of problems with that, both Policy ones and technical ones. -- WBR, wRAR
Attachment:
signature.asc
Description: PGP signature