Hello,

Ludovic Courtès <ludo@gnu.org> ezt írta (időpont: 2019. ápr. 16., K 22:17):

> Hello!
>
> Christopher Lemmer Webber <cwebber@dustycloud.org> skribis:
>
> > From the openssl website:
> >
> >> Note: The latest stable version is the 1.1.1 series. This is also our
> >> Long Term Support (LTS) version, supported until 11th September
> >> 2023. Our previous LTS version (1.0.2 series) will continue to be
> >> supported until 31st December 2019 (security fixes only during the
> >> last year of support). The 1.1.0 series is currently only receiving
> >> security fixes and will go out of support on 11th September 2019. All
> >> users of 1.0.2 and 1.1.0 are encouraged to upgrade to 1.1.1 as soon as
> >> possible. The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support
> >> and should not be used.
> >
> > I know, everyone's going to groan hearing this, but maybe given the
> > above it would make sense to upgrade to the openssl 1.1.0 series before
> > Guix 1.0 gets out the door?
>
> Indeed, I was under the assumption that 1.0 was still the stable
> version, but apparently it’s not.
>
> What do Leo and others think?
>

I would go for the upgrade. As this is a change affecting lots of packages,
and this upgrade would allow us to reduce the chances to stuck with a
vulnerable version. I also suppose, that there areg- some changes on
core-updates we would like to merge anyways before 1.0, so if the upgrade
goes smoothly, then this is not a big loss of time. Wdyt?

>
> Thanks for the heads-up!
>
> Ludo’.
>

Best regards,
g_bor

>
>