pyca/cryptography issues a new release on all platforms for any OpenSSL security releases.
:-), Alex On Wed, Jan 3, 2018 at 7:05 PM, Matt Billenstein <m...@vazor.com> wrote: > On Wed, Jan 03, 2018 at 06:51:21PM -0500, Alex Gaynor wrote: > > If PyPy releases include a copy of OpenSSL (or LibreSSL) then we need > to > > be in the business of issuing new releases whenever upstream has a > > security release, we can't be shipping people OpenSSLs with known > security > > issues. > > To a degree correct? I don't know if everyone who bundles ships every > point > release, but, if it's heartbleed all over again, you need to cut a new > release. > > m > > -- > Matt Billenstein > m...@vazor.com > http://www.vazor.com/ > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: D1B3 ADC0 E023 8CA6
_______________________________________________ pypy-dev mailing list pypy-dev@python.org https://mail.python.org/mailman/listinfo/pypy-dev
