On Fri, May 08, 2026 at 09:07:41AM +0200, Daniel Gustafsson wrote: > Not sure I follow, anyone still building with a X years out of support OpenSSL > will most likely keep doing so regardless of what CVE's are published. It > could of course make backpatching trickier if thats what you mean?
Argh. I've misread you here, reading a "lowest" rather than "highest". Documenting that 3.6 is the highest version support on 14-stable would also work here. My apologies for the confusion. If the patches for REL_14_STABLE to add support for 4.0 prove to be low-risk while messing with 1.0.1, that would the best course of action, of course. -- Michael
signature.asc
Description: PGP signature
