On 02/12/2018 11:08 PM, robert_jos...@selinc.com wrote:
I'm working with the pyro release, and noticed that it's still using
openssl 1.0.2k. The latest version in the 1.0.2 series is 1.0.2n, which is
already available on master. Is there a reason that the newer version
hasn't made it back to pyro (or rocko, which is on 1.0.2m)? I know new
package versions are not normally backported, but looking at the change
log, I only see one change mentioned that is not a CVE fix (the 1.0.2l
release): > I can send patches to bring 1.0.2n to rocko and pyro if they will be
accepted.

Yes please. The reason is that users of stable releases should take care of them too; the core team does not have the resources to do it for the users.

Alex
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Reply via email to