> Moritz Muehlenhoff writes:
> This is clearly not ideal,
Many would argue that it is ideal.
-JimC
--
James Cloos OpenPGP: 0x997A9F17ED7DAEA6
Hi,
we've discussed the topic of handling this particular bug at the Debian Security
Team sprint and discussing the various non-optimal solutions we feel embedding
libressl into the openssh package is the last disagreeable solution.
- We clearly need openssh in buster
- We clearly don't want
On Sun, Oct 15, 2017 at 09:38:50PM +0200, Sebastian Andrzej Siewior wrote:
> On 2017-10-13 15:30:13 [+0100], Colin Watson wrote:
> > That's basically the last I recall hearing, and that they were trying to
> > put pressure on OpenSSL upstream.
>
> I pinged upstream about the situation. I'm not
On Fri, Oct 13, 2017 at 01:26:45PM +0200, Sebastian Andrzej Siewior wrote:
> On 2017-10-13 01:21:35 [+0100], Colin Watson wrote:
> > I'm sorry, but reminders or not, at this time I do not intend to move to
> > 1.1 in advance of upstream; I consider that far too risky a change (it's
> > a
On 2017-10-13 01:21:35 [+0100], Colin Watson wrote:
> I'm sorry, but reminders or not, at this time I do not intend to move to
> 1.1 in advance of upstream; I consider that far too risky a change (it's
> a ~4000-line patch to security-critical code, IIRC). If you want to
> lobby for this, you
Hi,
this is a remainder about the openssl transition [0]. We really want to
remove libssl1.0-dev from unstable for Buster. I will raise the severity
of this bug to serious in a month. Please react before that happens.
[0] https://bugs.debian.org/871056#55
Sebastian
6 matches
Mail list logo