Bug#828475: openssh: Please migrate to openssl1.1 in Buster

> Moritz Muehlenhoff writes: > This is clearly not ideal, Many would argue that it is ideal. -JimC -- James Cloos OpenPGP: 0x997A9F17ED7DAEA6

Bug#828475: openssh: Please migrate to openssl1.1 in Buster

Hi, we've discussed the topic of handling this particular bug at the Debian Security Team sprint and discussing the various non-optimal solutions we feel embedding libressl into the openssh package is the last disagreeable solution. - We clearly need openssh in buster - We clearly don't want

Bug#828475: openssh: Please migrate to openssl1.1 in Buster

On Sun, Oct 15, 2017 at 09:38:50PM +0200, Sebastian Andrzej Siewior wrote: > On 2017-10-13 15:30:13 [+0100], Colin Watson wrote: > > That's basically the last I recall hearing, and that they were trying to > > put pressure on OpenSSL upstream. > > I pinged upstream about the situation. I'm not

Bug#828475: openssh: Please migrate to openssl1.1 in Buster

On Fri, Oct 13, 2017 at 01:26:45PM +0200, Sebastian Andrzej Siewior wrote: > On 2017-10-13 01:21:35 [+0100], Colin Watson wrote: > > I'm sorry, but reminders or not, at this time I do not intend to move to > > 1.1 in advance of upstream; I consider that far too risky a change (it's > > a

Bug#828475: openssh: Please migrate to openssl1.1 in Buster

On 2017-10-13 01:21:35 [+0100], Colin Watson wrote: > I'm sorry, but reminders or not, at this time I do not intend to move to > 1.1 in advance of upstream; I consider that far too risky a change (it's > a ~4000-line patch to security-critical code, IIRC). If you want to > lobby for this, you

Bug#828475: openssh: Please migrate to openssl1.1 in Buster

Hi, this is a remainder about the openssl transition [0]. We really want to remove libssl1.0-dev from unstable for Buster. I will raise the severity of this bug to serious in a month. Please react before that happens. [0] https://bugs.debian.org/871056#55 Sebastian