Hello, Ludovic Courtès <[email protected]> ezt írta (időpont: 2019. ápr. 16., K 22:17):
> Hello! > > Christopher Lemmer Webber <[email protected]> skribis: > > > From the openssl website: > > > >> Note: The latest stable version is the 1.1.1 series. This is also our > >> Long Term Support (LTS) version, supported until 11th September > >> 2023. Our previous LTS version (1.0.2 series) will continue to be > >> supported until 31st December 2019 (security fixes only during the > >> last year of support). The 1.1.0 series is currently only receiving > >> security fixes and will go out of support on 11th September 2019. All > >> users of 1.0.2 and 1.1.0 are encouraged to upgrade to 1.1.1 as soon as > >> possible. The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support > >> and should not be used. > > > > I know, everyone's going to groan hearing this, but maybe given the > > above it would make sense to upgrade to the openssl 1.1.0 series before > > Guix 1.0 gets out the door? > > Indeed, I was under the assumption that 1.0 was still the stable > version, but apparently it’s not. > > What do Leo and others think? > I would go for the upgrade. As this is a change affecting lots of packages, and this upgrade would allow us to reduce the chances to stuck with a vulnerable version. I also suppose, that there areg- some changes on core-updates we would like to merge anyways before 1.0, so if the upgrade goes smoothly, then this is not a big loss of time. Wdyt? > > Thanks for the heads-up! > > Ludo’. > Best regards, g_bor > >
