[OE-core] [PATCH 1/1] openssl: update to 1.0.2i (CVE-2016-6304 and more)
Alexander Kanavin
alexander.kanavin at linux.intel.com
Mon Sep 26 12:36:52 UTC 2016
On 09/23/2016 07:25 PM, akuster808 wrote:
> No this demonstrates that folks do want to help out. They to the best
> they can with their abilities and situation. The community has made a
> lot of noise about how important it is to address security issues.
> Except a few of us who do send patches, the community as a whole does
> not stepped up to the table to help out.
>
> Opensource is not an all or nothing proposition. I for one appreciate
> contributions folks make in this area.
If folks want to help out, they'd better spend their time building
automated CI infrastructure that allows us to upgrade openssl to 1.0.2j
in stable releases without the paralyzing fear of breaking things. I
appreciate the intent to help, but I don't see the actual contribution
(of randomly backporting CVEs) as particularly useful in the long run.
Alex
More information about the Openembedded-core
mailing list