I've discussed this with mapreri who is another person on the
backporters team.
Given the API/ABI changes that happen during OpenSSL microreleases that
break packages integrations AND that this will add a security delta
(-backports doesn't receive Security Team support so if they change and
patch a CVE in -security or -updates it remains unpatched in -backports
which introduces a significant Security risk.
Additionally, if it's only 3 or 4 commits to fix
SSL_OP_LEGACY_SERVER_CONNECT then you need to follow the SRU process,
not the Backports process.
Rejecting this backport as "Won't Fix" due to the aforementioned
reasons. Additionally, the Backporters Team are going to blacklist
`openssl` for backport requests unless it comes from Security at this
time.
** Changed in: openssl (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Backporters, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2003903
Title:
[BPO] openssl/3.0.5-2ubuntu2 from kinetic
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2003903/+subscriptions
--
ubuntu-backports mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
