Laszlo, > -----Original Message----- > From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > Laszlo Ersek > Sent: Tuesday, June 25, 2019 3:54 AM > To: Wang, Jian J <jian.j.w...@intel.com>; devel@edk2.groups.io; > dw...@infradead.org; Lu, XiaoyuX <xiaoyux...@intel.com> > Cc: Ye, Ting <ting...@intel.com>; Richard Levitte <levi...@openssl.org> > Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude > err_all.c in process_files.py > > On 06/21/19 10:37, Wang, Jian J wrote: > > Hi David, > > > > > >> -----Original Message----- > >> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of > David > >> Woodhouse > >> Sent: Friday, June 21, 2019 6:34 AM > >> To: devel@edk2.groups.io; ler...@redhat.com; Lu, XiaoyuX > >> <xiaoyux...@intel.com> > >> Cc: Wang, Jian J <jian.j.w...@intel.com>; Ye, Ting <ting...@intel.com>; > >> Richard Levitte <levi...@openssl.org> > >> Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude > >> err_all.c in process_files.py > >> > >> On Thu, 2019-06-20 at 16:46 +0200, Laszlo Ersek wrote: > >>>> Please submit a PR to OpenSSL to add 'no-store' if you really don't > >>>> want it. > >>> > >>> I actually agree about "no-store"; please see point (1) in my earlier > >>> review here: > >>> > >>> http://mid.mail-archive.com/0c5b5e95-cb2c-75af-a30b- > >> 015dac14b...@redhat.com > >> > >> Hm, you told them to use no-store, and I think you were right. They > >> seem to have refused purely because of the piffling detail that it > >> didn't actually exist. I find this suboptimal. Here: > >> > >> https://github.com/openssl/openssl/pull/9206 > >> > > > > Thanks for the PR. > > +1 > > > And I agree adding the 'no-store' is the right way to fix > > this issue. But the problem here is that we fixated the openssl to one > > release tag. We don't change it until we upgrade it to a newer release. > > That means any fixes in openssl trunk cannot be used by edk2 immediately, > > not to mention there's possibility that the PR will be rejected. So there's > > always a lag (maybe a quarter or half year, at least) here. > > > > We have also product release pressure which cannot afford quarters of > > waiting for such kind fixes in upstream. > > > > My personal opinion is that, we fix any issue, if we can, in edk2 > > immediately > > for current version of openssl (as workaround), and try to fix it in > > upstream > > for future release at the same time. Once upstream has fixed the issue and > > edk2 has decided to upgrade to it, we drop the workaround in edk2. We can > > file BZ to track such kind of works. > > > > For this patch, I suggest we still push it. We can drop it and use real fix > > once > > we decide to upgrade openssl future release including your PR. > > Right, in the most recent particular case, the time pressure to get > stuff into usable-at-all state, for edk2-stable201905, was huge. I agree > that "reminder BZs" (about backing out temporary downstream fixes) is > the way to go.
I take this as agreement. I pushed this patch at (fixed file ext) 51f7a3e6c5192d3f9a0fa63b0b5617c151180ad7 > Example: > https://bugzilla.tianocore.org/show_bug.cgi?id=1897 Above one is in our plan. I added BZ#1936 for this one. https://bugzilla.tianocore.org/show_bug.cgi?id=1936 Thanks, Jian > > Thanks > Laszlo > > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#42798): https://edk2.groups.io/g/devel/message/42798 Mute This Topic: https://groups.io/mt/32120631/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
