pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [EXTERNAL] Re: Will OpenSSL 1.1l be back ported to 2021Q2?

nia <> writes:

> On Tue, Sep 07, 2021 at 06:24:09PM -0400, Greg Troxel wrote:
>> NetBSD proper has hired a release engineer.  With funding, TNF could
>> probably hire someone to do this sort of work for pkgsrc.
> I don't think lack of release engineers is the problem here,
> pkgsrc developers use current. They kinda have to. So they're
> uninterested in requesting pullups to stable and it simply
> doesn't happen.

That's what I meant.  Personally, I don't use openssl from pkgsrc
stable.  So not only am I not interested in maintaining it, but I can't
really test, without setting up a bunch of environments that I have no
reason to set up.  Probably release engineer is the wrong word, but I
meant something like paying someone to prepare and test pullups that
addressed security isseus in pkgsrc-stable.

> Lately I've seen a handful of security-critical updates where
> the committer never makes a pullup request, so I've been doing
> it myself if I think the update is important.

Thanks.  I have been often trying to do this, if I think it matters and
I am able to convince myself that the update will not be destabilizing,
for updates I make.

Part of the issue is that there are a vast number of CVEs and it's hard
to tell how to prioritize.

> It doesn't help that pkgsrc openssl is mostly a Linux and
> older-NetBSD-releases thing (I think most illumos users are
> using the current branch too).

And mac, but the mac packages from joyent are -current too (which seems
like it is working fine, not a complaint).

Attachment: signature.asc
Description: PGP signature

Home | Main Index | Thread Index | Old Index