From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] polarssl: deprecate on security grounds
Date: Tue, 11 Oct 2016 19:13:00 +0200 [thread overview]
Message-ID: <87insystb7.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20161011122247.2dea9911@free-electrons.com> (Thomas Petazzoni's message of "Tue, 11 Oct 2016 12:22:47 +0200")
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni@free-electrons.com> writes:
> Hello,
> On Mon, 10 Oct 2016 14:26:33 -0300, Gustavo Zacarias wrote:
>> The 1.2.x branch is no longer maintained and the latest release from the
>> maintained branches (2.3, 2.1, 1.3) were security releases, so more
>> likely than not 1.2 is affected.
>> In consequence switch shairport-sync to the openssl backend.
>>
>> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> I'm fine with the principle, but..
>> Config.in.legacy | 10 ++++++++++
> ... with your change, we get two definitions of the
> BR2_PACKAGE_POLARSSL variable. The addition to Config.in.legacy should
> only take place when the package gets removed. Deprecated packages are
> meant to still allow the build to take place. But with the
> Config.in.legacy option having the same name, you can't build, because
> you're selecting BR2_LEGACY, which prevents the build from starting.
> In fact, amusingly, with our process, "deprecating" a package means
> that it blindly disappears for users.
Yeah, that isn't really good. Perhaps we need to add a 'select
BR2_NEEDS_DEPRECATED' to everything depending on BR2_DEPRECATED and add
some logic to warn if BR2_NEEDS_DEPRECATED && !BR2_DEPRECATED?
> But if you remove the package, we are warning the user by aborting the
> build, thanks to the Config.in.legacy mechanism.
> So I'm wondering if we shouldn't simply drop the polarssl package
> altogether, in order to take advantage from the Config.in.legacy
> mechanism.
> Yann, Peter, Arnout, what do you think?
Yes, I agree. Lets just remove it and add it to Config.in.legacy.
--
Venlig hilsen,
Peter Korsgaard
next prev parent reply other threads:[~2016-10-11 17:13 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-10 17:26 [Buildroot] [PATCH] polarssl: deprecate on security grounds Gustavo Zacarias
2016-10-11 10:22 ` Thomas Petazzoni
2016-10-11 17:13 ` Peter Korsgaard [this message]
2016-10-12 21:28 ` Arnout Vandecappelle
2016-10-12 22:30 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87insystb7.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox