OpenSSL is one of those tricky things out there I would like to get a
Security insight for before we do any kind of backporting of it.
There's other things this could impact, backports or not.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Mark, are you asking this to be backported in -backports or in -updates
and -security? This is one of the packages that if we do this in
-backports any security patches applied by the Security team for OpenSSL
in -security and -updates would be ignored with the higher version of
this in -backports
Minor OpenSSL releases have historically introduced a whole lot of
behaviour and API changes that required fixing dozens of other packages
in the archive. I don't recommend putting 3.0.5 in backports.
What I suggest is to actually SRU the 3-4 commits that fix
SSL_OP_LEGACY_SERVER_CONNECT to the ve
I've discussed this with mapreri who is another person on the
backporters team.
Given the API/ABI changes that happen during OpenSSL microreleases that
break packages integrations AND that this will add a security delta
(-backports doesn't receive Security Team support so if they change and
patch
Thomas and Marc, thanks for the guidance and time spent here. :)
I'll look into the SRU process.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/2003903
Title:
[BPO] opens
5 matches
Mail list logo
