On 2016-11-15 00:16:14 [+0200], Adrian Bunk wrote: > And since 80% of all OpenSSL-using packages in unstable are still > using libssl1.0.2 (binNMUs have not yet happened), all runtime > issues observed so far are only the tip of the iceberg. > Bugs like "With Kurt's patch, apache2 crashes on startup with an invalid > free." > or #843988 will be a common sight on the list of RC bugs for several > months in any scenario with OpenSSL 1.1 as default. Are you afraid of bugs or that nobody will look after them? Can't speak for apache but #843988 got patched and so did #843532.
Sebastian
