On 06/21/19 10:37, Wang, Jian J wrote:
> Hi David,
> 
> 
>> -----Original Message-----
>> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of David
>> Woodhouse
>> Sent: Friday, June 21, 2019 6:34 AM
>> To: devel@edk2.groups.io; ler...@redhat.com; Lu, XiaoyuX
>> <xiaoyux...@intel.com>
>> Cc: Wang, Jian J <jian.j.w...@intel.com>; Ye, Ting <ting...@intel.com>;
>> Richard Levitte <levi...@openssl.org>
>> Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude
>> err_all.c in process_files.py
>>
>> On Thu, 2019-06-20 at 16:46 +0200, Laszlo Ersek wrote:
>>>> Please submit a PR to OpenSSL to add 'no-store' if you really don't
>>>> want it.
>>>
>>> I actually agree about "no-store"; please see point (1) in my earlier
>>> review here:
>>>
>>> http://mid.mail-archive.com/0c5b5e95-cb2c-75af-a30b-015dac14b...@redhat.com
>>
>> Hm, you told them to use no-store, and I think you were right. They
>> seem to have refused purely because of the piffling detail that it
>> didn't actually exist. I find this suboptimal. Here:
>>
>> https://github.com/openssl/openssl/pull/9206
>>
> 
> Thanks for the PR.

+1

> And I agree adding the 'no-store' is the right way to fix
> this issue. But the problem here is that we fixated the openssl to one
> release tag. We don't change it until we upgrade it to a newer release.
> That means any fixes in openssl trunk cannot be used by edk2 immediately,
> not to mention there's possibility that the PR will be rejected. So there's
> always a lag (maybe a quarter or half year, at least) here.
> 
> We also have product release pressure, which cannot afford quarters of
> waiting for such kinds of fixes in upstream.
> 
> My personal opinion is that, we fix any issue, if we can, in edk2 immediately
> for current version of openssl (as workaround), and try to fix it in upstream
> for future release at the same time. Once upstream has fixed the issue and
> edk2 has decided to upgrade to it, we drop the workaround in edk2. We can
> file BZs to track this kind of work.
> 
> For this patch, I suggest we still push it. We can drop it and use the real
> fix once we decide to upgrade to a future openssl release including your PR.

Right, in the most recent particular case, the time pressure to get
stuff into usable-at-all state, for edk2-stable201905, was huge. I agree
that "reminder BZs" (about backing out temporary downstream fixes) is
the way to go. Example:

https://bugzilla.tianocore.org/show_bug.cgi?id=1897

Thanks
Laszlo
