Thanks for your feedback Michael, We're not going to be updating to mainline OpenSSL in Ubuntu on their release schedule. Every minor point release from OpenSSL invariably includes either ABI changes that would require recompiling all software that links against OpenSSL or other regressions that break existing users.
Over the years we have had far more reliable results backporting specific security fixes as they are prepared. Many other vendors feel the same: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions https://www.debian.org/security/faq#version https://wiki.centos.org/FAQ/General#head-3dad8cb98ac535185e58e882a23ca4b096cbff2f https://access.redhat.com/security/updates/backporting Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1649657 Title: OpenSSL version is not dependable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1649657/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
