Hi, 2017-01-03 4:22 GMT-08:00 Jo-Philipp Wich <j...@mein.io>: > Hi list, > > the mbed TLS project (formerly known as PolarSSL) declared the mbedTLS > 1.3 branch (packaged as "libpolarssl" by LEDE) to be EOL with the end of > the year 2016. [1] > > In order to avoid shipping an outdated and possibly vulnerable SSL > library with the first LEDE release we begun migrating core package > dependencies and default library choices to the "mbedtls" package which > includes the most recent 2.4.0 release of mbedTLS. > > There has been an ongoing discussion in IRC on how to handle the > remaining users of the legacy PolarSSL package and whether to ship this > library with the initial release and remove it later or whether to drop > it now in order to catch potential fallout early. > > Since we didn't want to single-handedly decide this issue in IRC I took > the topic to the list now to facilitate wider feedback. > > Right now there are more or less two approaches proposed: > > a) Keep libpolarssl available for the initial 17.01.0 release and drop > it with the first maintenance release 17.01.1 about 6-8 weeks later > > b) Drop libpolarssl now, even before branching and urge the feed package > maintainers to migrate users of libpolarssl to the libmbedtls variant > > Currently known remaining users of polarssl are: > > * bmx7 > * pianod > * shadowsocks-libev-polarssl > * shairport-sync-mini > * shairport-sync-polarssl > * transmission-cli-polarssl > * transmission-daemon-polarssl > * transmission-remote-polarssl > * umurmur-polarssl > > > Please provide feedback on which approach you'd prefer and if you'd be > affected by the PolarSSL deprecation or not.
you can also mark it @BROKEN, so people can still build it manually without too much effort My 2 cents Etienne > > Regards, > Jo > > > 1: https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released > > _______________________________________________ > lede-adm mailing list > lede-...@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/lede-adm _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev