So you're saying other operating systems magically get access to OpenSSL premium? I somehow doubt it.
On Wednesday, 26 June 2024 at 13:01, Lucas Rolff <lu...@lucasrolff.com> wrote:
> That Debian doesn't patch their LTS releases properly like other operating
> systems, should probably be brought up with the Debian release and security
> teams.
>
> Sent from Outlook for iOS
>
> From: Laura Smith via dovecot <dovecot@dovecot.org>
> Sent: Wednesday, June 26, 2024 1:31:48 PM
> To: Aki Tuomi <aki.tu...@open-xchange.com>
> Cc: Laura Smith via dovecot <dovecot@dovecot.org>; Michael <m...@hemathor.de>
> Subject: Re: Debian Bookworm packages, please !
>
> The fundamental problem here is that this turns into a security problem,
> which in 2024 is not a nice thing to have.
>
> Yes, theoretically I could run the previous Debian release, 11 Bullseye which
> is now EOL but in LTS until 2026.
>
> However, the OpenSSL delivered with Bullseye is 1.1.1. Any LTS patches
> delivered by Debian are based on public patches, so basically there will be
> no OpenSSL patches because OpenSSL moved 1.1.1 to premium support only,
> *INCLUDING* security patches, as described on their website ("It will no
> longer be receiving publicly available security fixes after that date")
> https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/index.html.
>
> Meanwhile, we are being spoonfed FUD/semi-FUD about the Debian provided 2.3
> package. "be careful it's broken" is not a warning a good sysadmin takes
> lightly.
>
> Meanwhile, if we're lucky, we might get 2.4 this side of Christmas 2024.
>
> It's all a bit of a mess. It's all a bit worrying.
>
> Meanwhile alternatives are few and far between, and I suspect Dovecot knows
> that! The Dovecot community are left between the proverbial rock and a
> hard place.
>
> Cyrus is now dependent on the commercial goodwill of FastMail, which brings
> thoughts of comparisons with Dovecot and OpenXChange.
>
> Stalwart, whilst extraordinarily promising, needs another year or so of
> development to reach v1 and mature the code.
> _______________________________________________
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org