[OE-core] [meta-oe][RFC][PATCH] Remove openssl10
Adrian Bunk
bunk at stusta.de
Fri Apr 26 05:12:15 UTC 2019
On Thu, Apr 25, 2019 at 03:18:47PM -0500, Mark Hatle wrote:
> On 4/25/19 2:28 PM, Adrian Bunk wrote:
> > Would you consider this patch appropriate now that warrior has branched?
>
> The use of OpenSSL10 as a 'second library' is likely no longer needed. But
> OpenSSL 1.0 (as an alternative version) to OpenSSL 1.1 is still needed in some
> cases.. (FIPS-140-2)
Is anyone actually security-maintaining OpenSSL in OE?
The just released sumo has both versions of OpenSSL not touched since
August, despite just upgrading to the latest versions would fix CVEs.
> So removal of openssl10 is fine, but if there are patches for support of both
> versions (old/new) of OpenSSL they will be needed at least through the end of
> this year for many users.
This is now for Yocto 2.8, which will be released October/November
this year.
> --Mark
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
More information about the Openembedded-core
mailing list