On Wed, Oct 19, 2016 at 10:44:08PM +0200, Kurt Roeckx wrote:
> On Mon, Oct 17, 2016 at 08:52:31PM +0200, Emilio Pozuelo Monfort wrote:
> >
> > I'm sorry but I'm going to have to nack this for Stretch, as much as I like
> > to
> > approve transitions and get new stuff in. I have looked at the opened bugs
> > and
> > I'm afraid this still is too disruptive. I have noticed that you have
> > forwarded
> > some of them and sent patches, and I appreciate that. We can do this early
> > in
> > the Buster cycle, so let's look at the status of this and prepare for the
> > transition when Stretch gets released.
>
> Is having 2 version of OpenSSL in Stretch an option?
We've discussed this within the security team and we'd be fine with
a one-time exception to have two openssl releases in stretch; the API
changes are clearly too invasive to cover the entire Debian archive,
but 1.1 also carries sufficiently important new features (like support
for chacha20/poly1305) to warrant the extra complexity.
(It's the release team's call of course).
Cheers,
Moritz
