[OE-core] openssl10 unusable for many components
Martin Jansa
martin.jansa at gmail.com
Fri Aug 18 17:41:14 UTC 2017
On Thu, Aug 17, 2017 at 02:54:37PM +0300, Alexander Kanavin wrote:
> On 08/17/2017 02:46 PM, Martin Jansa wrote:
> > I meant "real-world" as builds for any products on the market (which are
> > likely using one of the failing recipes) - e.g. in LGE we have many more
> > failures over all internal components, so I'll just undo this openssl
> > switch (renaming openssl_1.1 as openssl11 and openssl11_1.0 back as
> > openssl_1.0 with PROVIDES openssl11). We won't be able to use
> > openssl-1.1 for a long time anyway, because there are some 3rd party
> > components which are difficult (or expensive) to get rebuilt against new
> > openssl ABI, but we might be interested in some other improvements in
> > oe-core/master.
>
> Yes, this will work for you as a quick fix, but it is merely postponing
> dealing with the issue properly to a later date. Make a plan for it and
> keep in mind that openssl 1.0 goes out of upstream support at the end of
> 2019. Given its history of major security vulnerabilities, it will be
> removed from oe-core well before that time, so that it won't linger in
> supported YP releases.

openssl 1.1 goes out of upstream support on 2018-08-31 _more than a year
before_ 1.0.2 support, see:
https://www.openssl.org/policies/releasestrat.html

Version 1.1.0 will be supported until 2018-08-31.
Version 1.0.2 will be supported until 2019-12-31 (LTS).

Given its history of major security vulnerabilities, I hope you'll
remove openssl-1.1.0 even sooner than openssl-1.0.2.

Regards,
--
Martin 'JaMa' Jansa jabber: Martin.Jansa at gmail.com