Your message dated Thu, 5 May 2016 16:58:05 +0200 with message-id <20160505145805.GD2718@betterave.cristau.org> and subject line Re: Bug#765639: Bug#802159: New OpenSSL upstream version has caused the Debian Bug report #765639, regarding wheezy-pu: openssl new upstream version to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 765639: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765639 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: wheezy-pu: openssl new upstream version
- From: Kurt Roeckx <kurt@roeckx.be>
- Date: Thu, 16 Oct 2014 22:12:16 +0200
- Message-id: <20141016201216.GA19478@roeckx.be>
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian.org@packages.debian.org Usertags: pu Hi, I would really like to upload new upstream openssl versions from the 1.0.1-stable branch to wheezy. I've been backporting only the very important security fixes so far, but there are tons of important changes I would like to have in stable and general bug fixes in that branch. There are currently just over 400 commits between the 1.0.1e version and the current 1.0.1j. I would actually like to see at least 50% of those commits in wheezy. In the 0.9.* series new features got added between the "letter" releases. Since 1.0, the branches only get bug fixes and other important changes. This might sometimes include new features like the fallback SCSV in the latest release, but that is to improve security. This would actually make things for me much more simple. I sometimes run into problems because of missing bug fixes that have been done earlier in the branch. And I generaly think that the 1.0.1j version is much better than then 1.0.1e version. Kurt
--- End Message ---
--- Begin Message ---
- To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 765639-done@bugs.debian.org
- Cc: Kurt Roeckx <kurt@roeckx.be>
- Subject: Re: Bug#765639: Bug#802159: New OpenSSL upstream version
- From: Julien Cristau <jcristau@debian.org>
- Date: Thu, 5 May 2016 16:58:05 +0200
- Message-id: <20160505145805.GD2718@betterave.cristau.org>
- In-reply-to: <1460579809.1831.20.camel@adam-barratt.org.uk>
- References: <20151017203049.GA31760@roeckx.be> <20151020145704.GD4773@geta> <20151020181242.GF4773@geta> <20151020183730.GA12232@roeckx.be> <1450209659.2152.71.camel@adam-barratt.org.uk> <20151215201919.GB29189@roeckx.be> <1450395497.31612.10.camel@adam-barratt.org.uk> <1453790311.1848.32.camel@adam-barratt.org.uk> <20160328174648.GB26194@roeckx.be> <1460579809.1831.20.camel@adam-barratt.org.uk>
On Wed, Apr 13, 2016 at 21:36:49 +0100, Adam D. Barratt wrote: > [CCs adjusted to drop archived TC bug and add team@security] > > On Mon, 2016-03-28 at 19:46 +0200, Kurt Roeckx wrote: > > On Tue, Jan 26, 2016 at 06:38:31AM +0000, Adam D. Barratt wrote: > > > On Thu, 2015-12-17 at 23:38 +0000, Adam D. Barratt wrote: > > > > However 1.0.1q hasn't been in stable at all, which is presumably what > > > > you'd be proposing introducing to oldstable at this juncture. (and which > > > > we'd therefore need to introduce to stable first, if we were to agree to > > > > follow that path.) > > > > > > Picking this up again (I hadn't realised the above was so many weeks > > > ago :-|), updating OpenSSL in Wheezy to anything newer than 1.0.1k > > > really needs a newer upstream version to be in Jessie first. We also > > > likely only have two opportunities to get a package in to "Wheezy > > > proper" before it moves to LTS status - likely a point release in March > > > and then a "mop up" after the EOL of the base suite. > > > > And we're currently already at the end of March ... > > Somehow, yes. :-| In the meantime, my hope that I'd manage to find more > free time appears to have been forlorn, as evidenced by my starting to > write this reply during the 7.10 freeze and its having lurked in my > drafts folder since. Given the timing, I'm inclined to suggest that the > best solution for wheezy might be moving straight to -lts, rather than > waiting for whenever 7.11 might be. > > In the meantime, I tried to cut through the huge diff for Jessie by > applying upstream's indent rules for the mass reformatting, but while > that improves the situation it still leaves a lot of noise, not least > due to changes in comment layout (as they note themselves). Ideally I'd > have liked to trial a point release or two before committing to that > path for the future, but given that we'll always have to take a large > change the first time I'm not sure how feasible that is. > > Assuming that we went ahead with upstream updates to Jessie (and future > supported stable distributions), I'm presuming that the preferred > workflow would be similar to other packages for which we ship upstream > stable trees - via the security archive for issues that merit a DSA, > with lesser severity issues being updated via p-u and thus pushed out to > users as part of a point release. Does that make sense to everyone? > (Does anyone have alternative suggestions?) > Closing this as resolved, there will not be any further updates to wheezy, and jessie updates will be handled in separate bugs. Cheers, JulienAttachment: signature.asc
Description: PGP signature
--- End Message ---