Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-18 Thread Hans-Christoph Steiner
The Android SDK is really probably more like Eclipse. About 5 years of support, they are still maintaining Android 2.3.3 to some degree and that's at least 5 years old. https://android.stackexchange.com/a/84816 Also, the security profile is relatively low risk for the Android SDK in general: *

Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-18 Thread Hans-Christoph Steiner
BoringSSL is just a part of the Android SDK. It has an unstable API because it is only the C backing to a single Java library called conscrypt. That library is in turn only used as part of the Android SDK. Using the upstream build system, all of the source code is checked out at once from many

Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-17 Thread Ralph Sanchez
My opinion might not mean much, but as a user, I agree with this. If I'm installing from the stable depository, we expect certain things from packages there and everything must be held to those guidelines. And mostly if we are using it from unstable, we are hoping to see it evolve into being put

Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-17 Thread Michael Stone
On Tue, May 17, 2016 at 04:02:37PM +0800, seamli...@gmail.com wrote: BoringSSL is also free software, as long as there are maintainers who are willing to spend time on it, I think it has rights to exist in Debian. Well I have been contributing to Debian for not long, so please point me out my

Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-17 Thread 殷啟聰
Hi all, Sorry for posting to a general channel. I didn't know that :( BoringSSL is also free software, as long as there are maintainers who are willing to spend time on it, I think it has rights to exist in Debian. Well I have been contributing to Debian for not long, so please point me out my

Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-13 Thread Elmar Stellnberger
Just wanted to tell that I am quite happy not to have BoringSSL in Debian - main. I think it is depeerable there apart from the security risk of adopting the SSL package from a company which was largely funded by intelligence services and the Pentagon. I would rather like to see OpenBSD's

Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-13 Thread Moritz Mühlenhoff
Moritz Mühlenhoff wrote: >> are introducing BoringSSL, a fork of OpenSSL by Google. The latest >> Android OS and its SDK no longer use OpenSSL and they use some APIs >> only provided by BoringSSL, hence we are bringing BoringSSL to Debian. >> You can see the ITP at

Re: Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-13 Thread Moritz Mühlenhoff
殷啟聰 wrote: > Dear Debian Security Team, Our contact address is t...@security.debian.org, not debian-security... > The "android-tools" packaging team > > are introducing BoringSSL, a

Will Packaging BoringSSL Bring Any Trouble to the Security Team?

2016-05-12 Thread 殷啟聰
Dear Debian Security Team, The "android-tools" packaging team are introducing BoringSSL, a fork of OpenSSL by Google. The latest Android OS and its SDK no longer use OpenSSL and they use some APIs only