Hello,

On Mon, Jul 13, 2026 at 12:32 PM Sylvain Beucler <[email protected]> wrote:
> > Let me know if you have any other questions or concerns.
>
> It's great that people at wolfSSL can provide fixes for bookworm :)
>
> Note that we had to mark wolfssl for bookworm as end-of-life ~1.5 month ago:
> https://salsa.debian.org/debian/debian-security-support/-/blob/master/security-support.deb12
>
> "wolfssl non-supported 5.5.4-2+deb12u2 Crypto library difficult to
> support in the longterm; see: https://bugs.debian.org/1138294";
>
> We might revert/postpone this decision if there's upstream interest to
> maintain wolfssl 5.5/bookworm. What are your plans?

I had a similar thought while replying to Jacob and Bastian.

I think it's reasonable for these two things to coexist. Even if
wolfSSL remains marked as end-of-life, we could still provide
occasional one-off fixes for sufficiently serious security issues when
someone is willing to do the work.

Of course, it would be even better if upstream is able to commit to
providing fixes regularly. Depending on their response and level of
commitment, I think we could keep the package EOL'd for now, continue
to accept occasional fixes, and see how that works in practice. If
that proves sustainable over the course of a few updates, we could
then consider moving wolfSSL to limited-support, perhaps?

My main concern is avoiding a situation where we reverse the EOL
decision prematurely, only to discover later that the LTS team can't
realistically guarantee ongoing support and have to mark it EOL again.

Thoughts?


- u

Reply via email to