pkgsrc-Users archive


Re: Will OpenSSL 1.1l be back ported to 2021Q2?



"J. Lewis Muir" <jlmuir%imca-cat.org@localhost> writes:

> I didn't read the CVE, but I assumed that since Iain said it was given
> a "high rating," it would affect a lot of people.  Anyway, even if it
> wouldn't affect many people, I would still think it should be addressed,
> but as I said above, if upstream has a problem with making patch
> releases that break ABI backward compatibility, that's a very difficult
> situation, and I don't see a good way to deal with that, and I don't
> think the responsibility should fall on pkgsrc developers.

There's an important point here that your language is mischaracterizing.

Pkgsrc the project imposes an expectation of people that work within it
that they will not make changes that cause serious breakage.  We do
*not* have any imposed expectations that anyone will do any particular
work to achieve any goals.  However, we have a history where this
frequently happens.

So pkgsrc does not have a responsibility to users to do updates, and in
particular no individual has a responsibility to TNF of any user of
pkgsrc to take any affirmative step.  I see assertions of such
responsibility as contrary to Free Software norms and dangerous.

pkgsrc is Free Software, without warranty.  If a user of software wants
to have their expectations met in a guaranteed manner, they should hire
someone to do that for them, and that's outside the scope of this list
and the project.



