[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#765639: Bug#802159: New OpenSSL upstream version

On 2016-04-13 21:36:49 [+0100], Adam D. Barratt wrote:
> Assuming that we went ahead with upstream updates to Jessie (and future
> supported stable distributions), I'm presuming that the preferred
> workflow would be similar to other packages for which we ship upstream
> stable trees - via the security archive for issues that merit a DSA,
> with lesser severity issues being updated via p-u and thus pushed out to
> users as part of a point release. Does that make sense to everyone?

Sounds good.

> (Does anyone have alternative suggestions?)

Not really. This path would get things like #774882 ("openssl: fail to
verify some sites when 1024bit root CAs removed") fixed for the next p-u
and this looks like a good thing.

> Regards,
> 
> Adam

Sebastian
Reply to: