pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Will OpenSSL 1.1l be back ported to 2021Q2?
On Tue, Sep 07, 2021 at 03:32:46PM -0500, J. Lewis Muir wrote:
> This is sad, IMO. An open-source project has certain responsibilities
> when it comes to security. NetBSD, for example, has a security team,
> and the security team addresses discovered security vulnerabilities
> for the supported branches and releases security advisories. It seems
> irresponsible for the pkgsrc project to say that there are only 30 days
> left in Q2, it's a pain to fix it, so we won't.
You are ignoring that OpenSSL tiny updates have a long history of
breaking random things. They *always* need a careful studying of the
diff to make sure they didn't completely %^$^$ the ABI. So yeah, for a
CVE that most people will not have to care about, it can be difficult to
find the motivation and time.
Joerg
Home |
Main Index |
Thread Index |
Old Index