Thanks very much for this complete answer and apologies for using the
term "bug completeness": I meant "feature stability" (with bugs being on
the arguably negative side of that term -- and this discussion being one
regarding a bug).
Clearly there's more users (valuing stability) than developers (
Thanks for this explanation, Seth. Very good to know--from a security
perspective. A bit less satisfying from a functionality perspective,
particularly given the assurance by Matt from the OpenSSL team above.
I do understand though that you're aiming for "bug completeness" to
support those that re
Fine for me -- I'm working around this (not using Ubuntu for CI any more
and/or using/building less buggy OpenSSL releases for CI).
> if it's time to re-visit that practice of not updating through minor
openssl versions; it's risky to try.
What risks do you see? I find it much more risky _not_ to
Thanks for trying to reproduce this. A crash can only be triggered with
two providers active. Your command "OPENSSL_MODULES=_build/lib/
OPENSSL_CONF=scripts/o-ca.cnf ./.local/bin/openssl version" is not quite
conclusive: The config file "o-ca.cnf" doesn't look right. Please verify
that your setup c
Public bug reported:
Full bug report at https://github.com/openssl/openssl/issues/20981
No upstream impact: OpenSSL 3.0.9-dev does not contain the problem any
more.
** Affects: openssl (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you ar
5 matches
Mail list logo