pkgsrc-Users archive


Re: Will OpenSSL 1.1l be back ported to 2021Q2?



On Tue, Sep 07, 2021 at 03:32:46PM -0500, J. Lewis Muir wrote:
> This is sad, IMO.  An open-source project has certain responsibilities
> when it comes to security.  NetBSD, for example, has a security team,
> and the security team addresses discovered security vulnerabilities
> for the supported branches and releases security advisories.  It seems
> irresponsible for the pkgsrc project to say that there are only 30 days
> left in Q2, it's a pain to fix it, so we won't.

You are ignoring that OpenSSL tiny updates have a long history of
breaking random things. They *always* need a careful studying of the
diff to make sure they didn't completely %^$^$ the ABI. So yeah, for a
CVE that most people will not have to care about, it can be difficult to
find the motivation and time.

Joerg

