Thomas and Marc, thanks for the guidance and time spent here. :)
I'll look into the SRU process.
--
You received this bug notification because you are a member of Ubuntu
Backporters, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2003903
Title:
[BPO] openssl/3.0.5-2ubu
I've discussed this with mapreri who is another person on the
backporters team.
Given the API/ABI changes that happen during OpenSSL microreleases that
break packages integrations AND that this will add a security delta
(-backports doesn't receive Security Team support so if they change and
patch
Minor OpenSSL releases have historically introduced a whole lot of
behaviour and API changes that required fixing dozens of other packages
in the archive. I don't recommend putting 3.0.5 in backports.
What I suggest is to actually SRU the 3-4 commits that fix
SSL_OP_LEGACY_SERVER_CONNECT to the ve
Mark, are you asking this to be backported in -backports or in -updates
and -security? This is one of the packages that if we do this in
-backports any security patches applied by the Security team for OpenSSL
in -security and -updates would be ignored with the higher version of
this in -backports
OpenSSL is one of those tricky things out there I would like to get a
Security insight for before we do any kind of backporting of it.
There's other things this could impact, backports or not.
--
You received this bug notification because you are a member of Ubuntu
Backporters, which is subscribe