The cherry-picking of Security patches is a pretty standard practice for stable distributions. Changing the `openssl` CLI tool to output `+patches` doesn't help much, it doesn't tell you *which* patches there are, and risks breaking scripts that actually parse that output. If you want that information, there are standardized way of getting it, e.g. on security.ubuntu.com, or via the package changelog, which will tell you all of the CVEs that have been fixed in each specific version of the package (`apt changelog openssl`).
> To change APIs on a patch level would be very unusual for any software. API stability is only one aspect of stability. Ubuntu and the OpenSSL project have different priorities and timetables, which means their criteria for what is acceptable on bugfix releases does not always align with ours. We err on the side of caution, and normally only ship what we're reasonably confident won't break our existing users' workloads. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2125752 Title: OpenSSL package in Ubuntu 24.04 needs updating To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2125752/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
