[OE-core] [PATCH 00/26] thud patch review
Alexander Kanavin
alex.kanavin at gmail.com
Tue Mar 19 16:31:52 UTC 2019
For what it’s worth, OpenSSL is also being relicensed to Apache 2.0, so backporting their fixes may not be an option either.
https://license.openssl.org/
Please be careful with your language: I’m sure you know that recipe maintenance is a tedious, thankless task. Having it belittled doesn’t help.
Alex
> On 19 Mar 2019, at 14.55, Martin Jansa <martin.jansa at gmail.com> wrote:
>
>> On Tue, Mar 19, 2019 at 12:35:59PM +0100, Alexander Kanavin wrote:
>> Just to remind once more, all upstream support for OpenSSL 1.0.2 ceases in 9 months, so shipping products with it may not be the best idea.
>
> Just to remind once more, shipping products isn't as easy as building
> the few recipes included in oe-core.
>
> For example:
> Believe it or not, some projects need to use old Qt 5.6 due to license
> change in newer version and 5.6 doesn't support openssl 1.1,
> backporting the necessary changes would violate the license as well.
> Providing clean room re-implementation is also difficult, because there
> aren't many other options how to implement this than how it was done in
> newer qt already, see:
>
> https://bugreports.qt.io/browse/QTBUG-71623
> https://development.qt-project.narkive.com/RW4wxYXY/openssl-1-1-x-support-on-qt-5-6-5-9
>
> Yes, it's not the best idea, but even backporting security fixes to old
> openssl might be cheaper than buying commercial qt license...
>
> Cheeers,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20190319/cf0e63bf/attachment.html>
More information about the Openembedded-core
mailing list