From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?UTF-8?Q?G=C3=A1bor_Boskovits?= Subject: Re: Should we upgrade openssl? Date: Wed, 17 Apr 2019 14:31:51 +0200 Message-ID: References: <87wojvmk9n.fsf@dustycloud.org> <87r2a1d7s3.fsf@gnu.org> <87d0lkbyua.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="000000000000bd86ed0586b91285" Return-path: Received: from eggs.gnu.org ([209.51.188.92]:46750) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hGjjU-0007Rh-Vn for guix-devel@gnu.org; Wed, 17 Apr 2019 08:32:10 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hGjjU-0003wt-2I for guix-devel@gnu.org; Wed, 17 Apr 2019 08:32:08 -0400 In-Reply-To: <87d0lkbyua.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: =?UTF-8?Q?Ludovic_Court=C3=A8s?= Cc: Guix-devel --000000000000bd86ed0586b91285 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello, Ludovic Court=C3=A8s ezt =C3=ADrta (id=C5=91pont: 2019. =C3= =A1pr. 17., Sze 14:28): > Hi G=C3=A1bor, > > G=C3=A1bor Boskovits skribis: > > > I would go for the upgrade. As this is a change affecting lots of > packages, > > and this upgrade would allow us to reduce the chances to stuck with a > > vulnerable version. I also suppose, that there areg- some changes on > > core-updates we would like to merge anyways before 1.0, so if the upgra= de > > goes smoothly, then this is not a big loss of time. Wdyt? > > Merging =E2=80=98core-updates=E2=80=99 is no longer an option for 1.0: I= =E2=80=99m seriously > still aiming for around April 30th. Let=E2=80=99s get our act together! > Ok, that's clear. > > Likewise, I don=E2=80=99t think the OpenSSL upgrade can be merged on time= . But > that=E2=80=99s OK: we can start working on it and have it merged as soon = as > possible, possibly with all of =E2=80=98core-updates=E2=80=99. > Do we have a list of actionable items we can work on to help? > > Thoughts? > > Thanks, > Ludo=E2=80=99. > Best regards, g_bor > --000000000000bd86ed0586b91285 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hello,

Ludovic Court=C3=A8s <ludo@gnu.org> ezt =C3=ADrta (id=C5=91pont: 2019. =C3=A1pr. = 17., Sze 14:28):
Hi G=C3=A1bor,

G=C3=A1bor Boskovits <boskovits@gmail.com> skribis:

> I would go for the upgrade. As this is a change affecting lots of pack= ages,
> and this upgrade would allow us to reduce the chances to stuck with a<= br> > vulnerable version. I also suppose, that there areg- some changes on > core-updates we would like to merge anyways before 1.0, so if the upgr= ade
> goes smoothly, then this is not a big loss of time. Wdyt?

Merging =E2=80=98core-updates=E2=80=99 is no longer an option for 1.0: I=E2= =80=99m seriously
still aiming for around April 30th.=C2=A0 Let=E2=80=99s get our act togethe= r!
Ok, that's clear.
Do we have a list of actionable items we = can work on to help?

Thoughts?

Thanks,
Ludo=E2=80=99.
Best regards,<= /div>
g_bor
--000000000000bd86ed0586b91285--