While I don't even pretend to be a security expert, this is a topic that I have 
quite some familiarity with.
Yes, right now OpenSSL 1.0.2 (latest) is still considered "as secure" as 1.1.0 
latest.
I can understand the Qt team delaying this migration for 5.10 as it is quite 
painful.

/D

⁣-- 
From my phone​


-------- Original Message --------
From: Thiago Macieira <thi...@macieira.org>
Sent: Sun Aug 06 05:26:04 GMT+01:00 2017
To: Linus Torvalds <torva...@linux-foundation.org>
Cc: Subsurface Mailing List <subsurface@subsurface-divelog.org>
Subject: Re: Qt 5.9 openssl problems on F26

On Saturday, 5 August 2017 17:07:50 PDT Linus Torvalds wrote:
> You don't use old versions of security software. It's that easy. Not done,
> not acceptable, not a solution.

To be clear: OpenSSL 1.0.2l was released on the very same day as 1.1.0f. Both 
branches are currently maintained.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel Open Source Technology Center

_______________________________________________
subsurface mailing list
subsurface@subsurface-divelog.org
http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface

_______________________________________________
subsurface mailing list
subsurface@subsurface-divelog.org
http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface

Reply via email to