Thank you for requesting this backport. It's not true that anything less than 0.9.8r breaks PCI compliance. It just breaks automated PCI compliance testing. The Ubuntu security team regularly backports patches for OpenSSL to keep the version in Lucid patched for security vulnerabilities. Also, due to not wanting to break people on upgrade, we'd have to backport openssl 1.0 to maverick and natty as well. Since openssl 1.0 has a new ABI, all the reverse dependencies would need to be rebuilt in the backports pocket for the 3 releases as well. This backport brings too much risk, so I'm going to have to mark it won't fix. If you have specific questions about whether or not a security patch has been applied, you can see the Ubuntu Security Notices for Lucid here: http://www.ubuntu.com/usn/lucid/. If you find that a patch might not have been applied that you are expecting, please feel free to E-Mail the Ubuntu Security team at security at ubuntu dot com.
** Changed in: lucid-backports Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/900244 Title: Please backport openssl To manage notifications about this bug go to: https://bugs.launchpad.net/lucid-backports/+bug/900244/+subscriptions -- ubuntu-backports mailing list ubuntu-backports@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports