Summary: | security/openssl 2015Q2 branch still unpatched | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Fabiano Sidler <freebsd-bugs> |
Component: | Individual Port(s) | Assignee: | Ports Security Team <ports-secteam> |
Status: | Closed Overcome By Events | ||
Severity: | Affects Many People | CC: | delphij, junovitch |
Priority: | --- | Flags: | dinoex: maintainer-feedback-, dinoex: merge-quarterly+ |
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
Fabiano Sidler
2015-06-16 14:55:55 UTC
The update to 1.0.2c is not ABI compatible

What do you mean? I'm talking about the port, not binary packages...

Problem still stands. This current status is rendering the whole branch pretty questionable. Regarding ABI compatibility: The same (issues) occurred when the OpenSSL in base got updated due to Heartbleed. Some applications like proftpd were affected. This didn't stop anyone.

Also... It's not going the right way: It's a branch for providing stable packages with security fixes only. If some fixes are left out intentionally due to compat issues, this should be announced and not handled like this. If there's a delay because the patch is more tricky / no one knows how to do it (and I doubt that), or because it needs upgrading / rebuilding a lot of packages, then is there any idea of a "when"?

The Security updates had been done without informing the maintainer. Please decide which patches should be merged to quarterly or not. I do not merge patches not validated by me.

Over to maintainer

"Overcome by events" for this PR? Referring to bug 201192 comment 8, the 2015Q2 branch is no longer supported now that 2015Q3 is out.

If no one thinks that it's something to step back and think about that this patch didn't make it any it wasn't considered important to get it in Q2 before cutting the Q3, and that now everyone can switch to Q3 without any prior testing just to get the single fix... And that the port maintainer wasn't pinged And that Q3 was delayed yet it was no reason to fix it in the Q2 first. Then yeah, let's just close it. I'll take myself off the CC list so I don't have to think about this any longer.

Mark this one as closed as the 2015Q2 branch is not supported anymore and 2015Q3 already has latest OpenSSL (1.0.2c).