Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

To: debian-security@lists.debian.org
Subject: Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Fri, 13 May 2016 08:44:04 +0200
Message-id: <[🔎] slrnnjattk.jm1.jmm@inutil.org>
References: <[🔎] CAKxyyfY1a68Jv=H1qwhGQtLSu2juwGuXa+XTRy_15SHbS4_jZQ@mail.gmail.com>

殷啟聰 <seamlikok@gmail.com> schrieb:
> Dear Debian Security Team,

Our contact address is team@security.debian.org, not debian-security...

> The "android-tools" packaging team
><https://qa.debian.org/developer.php?login=android-tools-devel%40lists.alioth.debian.org>
> are introducing BoringSSL, a fork of OpenSSL by Google. The latest
> Android OS and its SDK no longer use OpenSSL and they use some APIs
> only provided by BoringSSL, hence we are bringing BoringSSL to Debian.
> You can see the ITP at <https://bugs.debian.org/823933>.

No, that's not acceptable. You can try to provide that additional APIs
on top of OpenSSL, but we're not going to support an entire OpenSSL
fork just for Google's NIH syndrome.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?
  - From: Elmar Stellnberger <estellnb@gmail.com>

References:
- Will Packaging BoringSSL Bring Any Trouble to the Security Team?
  - From: 殷啟聰 <seamlikok@gmail.com>

Prev by Date: Will Packaging BoringSSL Bring Any Trouble to the Security Team?
Next by Date: bug reports for grub need to be re-posted
Previous by thread: Will Packaging BoringSSL Bring Any Trouble to the Security Team?
Next by thread: Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?
Index(es):
- Date
- Thread