On Fri, Nov 19, 2021 at 12:54:22PM -0500, Sergio Durigan Junior wrote: > I'd like to raise something. I apologize for sending this message in > such short notice. > > I am working on net-snmp, squid and a few other packages during this > transition, and I am feeling concerned with how uncomfortable some of > our upstreams seem to be regarding their patches to support OpenSSL 3. > I can mention a few cases here. > > net-snmp has a patch to support OpenSSL 3 in theory, but they are still > discussing a few details here: > https://github.com/net-snmp/net-snmp/issues/294 . It seems like they > have sorted out most of the issues so far, which is good, but I'm still > not 100% confident in backporting their patch yet.
Just to add to this, when we do have patches ready, what should be our process to get any security-sensitive backport patches reviewed - in the cases that we're introducing them ahead of an upstream release - to avoid inadvertent security regressions? Robie
signature.asc
Description: PGP signature
-- Ubuntu-release mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-release
