Hello,
Ludovic Courtès <ludo@gnu.org> wrote (on Tue, Apr 16, 2019, 22:17):
Hello!
Christopher Lemmer Webber <cwebber@dustycloud.org> wrote:
> From the openssl website:
>
>> Note: The latest stable version is the 1.1.1 series. This is also our
>> Long Term Support (LTS) version, supported until 11th September
>> 2023. Our previous LTS version (1.0.2 series) will continue to be
>> supported until 31st December 2019 (security fixes only during the
>> last year of support). The 1.1.0 series is currently only receiving
>> security fixes and will go out of support on 11th September 2019. All
>> users of 1.0.2 and 1.1.0 are encouraged to upgrade to 1.1.1 as soon as
>> possible. The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support
>> and should not be used.
>
> I know, everyone's going to groan hearing this, but maybe given the
> above it would make sense to upgrade to the openssl 1.1.0 series before
> Guix 1.0 gets out the door?
Indeed, I was under the assumption that 1.0 was still the stable
version, but apparently it’s not.
What do Leo and others think?
I would go for the upgrade, as this is a change affecting lots of packages, and this upgrade would allow us to reduce the chances of getting stuck with a vulnerable version. I also suppose that there are some changes on core-updates we would like to merge anyway before 1.0, so if the upgrade goes smoothly, then this is not a big loss of time. Wdyt?
Thanks for the heads-up!
Ludo’.
Best regards,
g_bor