But you do realize that all versions prior to 1.0.2 are PITA to code
developers?
I.e. the hostname validation, the very basic feature, needs to be
implemented with creepy hacks for OpenSSL before 1.0.2.
https://wiki.openssl.org/index.php/Hostname_validation
--
You received this bug
Ubuntu doesn't typically update to newer software versions. Like most
other Linux distros, we backport security patches to the versions of
software we ship, whether or not there is still upstream support for it.
--
You received this bug notification because you are a member of Ubuntu
Touch
>From https://www.openssl.org/policies/releasestrat.html
Support for version 1.0.1 will cease on 2016-12-31. No further releases
of 1.0.1 will be made after that date. Security fixes only will be
applied to 1.0.1 until then.
How is Ubuntu going to deal with that? Both Precise and Trusty
I strongly doubt there will be an official effort to backport OpenSSL
1.0.2 for 14.04 LTS; it would not be feasible to replace the existing
1.0.1f-derived packages with 1.0.2-derived packages, and duplicating
packages would add to the maintenance burden.
16.04 LTS's openssl package is based on a
** Changed in: openssl (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1596693
Title:
OpenSSL 1.0.2 for trusty
Status in openssl
5 matches
Mail list logo