Should our openssl/fixed not have more fixin's by now?

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Should our openssl/fixed not have more fixin's by now?

From:	Tobias Geerinckx-Rice
Subject:	Should our openssl/fixed not have more fixin's by now?
Date:	Wed, 11 Sep 2019 19:05:26 +0200

Guix,

1 CVE patch since 1.0.2p seems suspiciously low to me. I hope I'mwrong. In any case, there are new ones[0].


Me on IRC:

“I'd like to fix some CVEs in openssl, but it's not clear to mewhether ‘letter releases’ are supposed to be ABI-compatible ornot. It would be a big jump (1.0.2p → 1.0.2t), and our currentopenssl/fixed is just 1.0.2p + 1 patch, so I doubt it. Butcherry-picking patches is proving too painful [for me].”

…mainly because I'm not that familiar with OpenSSLs release/githabits.


Kind regards,

T G-R

[0]: https://www.openssl.org/news/cl102.txt

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Should our openssl/fixed not have more fixin's by now?, Tobias Geerinckx-Rice <=

Prev by Date: {bioinformatics,bioconductor}.scm cleaning?
Next by Date: Re: WIP Guix Cookbook
Previous by thread: {bioinformatics,bioconductor}.scm cleaning?
Next by thread: shepherd services have unwanted environment variables
Index(es):
- Date
- Thread