could we (0.9.8 users!) expect patch suggestions from the community on
potential vulnerabilities found in 2016, in a best effort approach of course,
without any official release?
The best thing to do will probably be to fork the branch into a new repository on github
and work there. We will not be checking anything into the "official" stable
branch.
I'm sure you're not the only one that will be needing to support 0.9.8 after the
official EOL. RedHat Enterprise Linux 5 comes to mind (supported until 3/2017),
so there will definitely be others providing security related patches.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
