> > The OpenSSL update is a major update (0.9.8m to 1.0.0c) and requires extra > > tests from QA. > > There's a soname bump and the packaging is still based on Fedora spec file. > > > For openssl, why it's needed an upgrade to 1.0.0 branch?
It's the latest release. Nothing special with this update (except it's an important package). > Soname bump means many things might broke silently. Packages will be rebuilt, I don't expect breakage here. Potential breakage is for the packages opening the libraries dynamically (dlopen, etc...). These packages should be fixed. Major distributions has already this version in their development branch. The upgrade seems to be smooth. > And what's final version security would use for openssl, it's just 2 weeks > for feature freeze. IMHO, that's a pro argument. We're still in MM2 period: Most intrusive changes delivered. If we don't submit OpenSSL now, it won't be submitted for MM3: feature freeze, and not for MeeGo 1.2. > > See also http://bugs.meego.com/show_bug.cgi?id=11623, this upgrade is > > required by the security team. CC'ing Ryan. Note: It's a feature accepted by the Core Program Manager for MeeGo 1.2. Cheers, Fathi _______________________________________________ MeeGo-packaging mailing list [email protected] http://lists.meego.com/listinfo/meego-packaging
