[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Should our openssl/fixed not have more fixin's by now?
From: |
Tobias Geerinckx-Rice |
Subject: |
Should our openssl/fixed not have more fixin's by now? |
Date: |
Wed, 11 Sep 2019 19:05:26 +0200 |
Guix,
1 CVE patch since 1.0.2p seems suspiciously low to me. I hope I'm
wrong. In any case, there are new ones[0].
Me on IRC:
“I'd like to fix some CVEs in openssl, but it's not clear to me
whether ‘letter releases’ are supposed to be ABI-compatible or
not. It would be a big jump (1.0.2p → 1.0.2t), and our current
openssl/fixed is just 1.0.2p + 1 patch, so I doubt it. But
cherry-picking patches is proving too painful [for me].”
…mainly because I'm not that familiar with OpenSSLs release/git
habits.
Kind regards,
T G-R
[0]: https://www.openssl.org/news/cl102.txt
signature.asc
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Should our openssl/fixed not have more fixin's by now?,
Tobias Geerinckx-Rice <=