On 02/12/2018 11:08 PM, robert_jos...@selinc.com wrote:
I'm working with the pyro release, and noticed that it's still using openssl 1.0.2k. The latest version in the 1.0.2 series is 1.0.2n, which is already available on master. Is there a reason that the newer version hasn't made it back to pyro (or rocko, which is on 1.0.2m)? I know new package versions are not normally backported, but looking at the change log, I only see one change mentioned that is not a CVE fix (the 1.0.2l release): > I can send patches to bring 1.0.2n to rocko and pyro if they will be accepted.
Yes please. The reason is that users of stable releases should take care of them too; the core team does not have the resources to do it for the users.
Alex -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core