From: Martin Jansa <martin.jansa@gmail.com>
To: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: openssl10 unusable for many components
Date: Fri, 18 Aug 2017 19:41:14 +0200 [thread overview]
Message-ID: <20170818174114.GA3298@jama> (raw)
In-Reply-To: <d2851cd0-1a15-f5aa-1e9b-dda654978178@linux.intel.com>
[-- Attachment #1: Type: text/plain, Size: 1611 bytes --]
On Thu, Aug 17, 2017 at 02:54:37PM +0300, Alexander Kanavin wrote:
> On 08/17/2017 02:46 PM, Martin Jansa wrote:
> > I meant "real-world" as builds for any products on the market (which are
> > likely using one of the failing recipes) - e.g. in LGE we have many more
> > failures over all internal components, so I'll just undo this openssl
> > switch (renaming openssl_1.1 as openssl11 and openssl11_1.0 back as
> > openssl_1.0 with PROVIDES openssl11). We won't be able to use
> > openssl-1.1 for long time anyway, because there are some 3rd party
> > component which are difficult (or expensive) to get rebuilt against new
> > openssl ABI, but we might be interested in some other improvements in
> > oe-core/master.
>
> Yes, this will work for you as a quick fix, but it is merely postponing
> dealing with the issue properly to a later date. Make a plan for it and
> keep in mind that openssl 1.0 goes out of upstream support at the end of
> 2019. Given its history of major security vulnerabilities, it will be
> removed from oe-core well before that time, so that it won't linger in
> supported YP releases.
openssl 1.1 goes out of upstream support on 2018-08-31 _more than a year
before_ 1.0.2 support, see:
https://www.openssl.org/policies/releasestrat.html
Version 1.1.0 will be supported until 2018-08-31.
Version 1.0.2 will be supported until 2019-12-31 (LTS).
Given its history of major security vulnerabilities, I hope you'll
remove openssl-1.1.0 even sooner than openssl-1.0.2.
Regards,
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 201 bytes --]
next prev parent reply other threads:[~2017-08-18 17:39 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-17 10:31 openssl10 unusable for many components Martin Jansa
2017-08-17 11:23 ` Alexander Kanavin
2017-08-17 11:33 ` Richard Purdie
2017-08-17 11:46 ` Martin Jansa
2017-08-17 11:54 ` Alexander Kanavin
2017-08-18 5:56 ` Khem Raj
2017-08-18 10:53 ` Alexander Kanavin
2017-08-18 14:41 ` Khem Raj
2017-08-18 17:29 ` Martin Jansa
2017-08-18 17:56 ` Mark Hatle
2017-08-18 18:41 ` Alexander Kanavin
2017-08-18 18:55 ` Martin Jansa
2017-08-18 19:03 ` Mark Hatle
2017-08-18 18:19 ` Alexander Kanavin
2017-08-21 9:29 ` Richard Purdie
2017-08-21 9:59 ` Martin Jansa
2017-08-18 18:15 ` Alexander Kanavin
2017-08-18 17:41 ` Martin Jansa [this message]
2017-08-18 18:30 ` Alexander Kanavin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170818174114.GA3298@jama \
--to=martin.jansa@gmail.com \
--cc=alexander.kanavin@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.