On Thu, Oct 16, 2014 at 1:45 PM, Burton, Ross <ross.bur...@intel.com> wrote:
> On 15 October 2014 16:31, Burton, Ross <ross.bur...@intel.com> wrote:
>> There's an openssl 1.0.1j out now (fixing FOUR (!) CVEs, including
>> "disabling SSLv3 didn't work"...). I think considering the situation
>> we'd take the upgrade for dizzy, even though we've frozen. Anyone
>> volunteering to take lead of upgrading dizzy to 1.0.1j and backporting
>> the relevant patches to the previous releases? (eg daisy is on
>> 1.0.1g).
>
> For anyone else interested, I've currently got 1.0.1j patches for
> dizzy in testing. There's been debate over whether we backport the
> fixes to daisy's 1.0.1g, or upgrade as the number of fixes is
> growing...

I think the upgrade is the way to go. We are likely to break 1.0.1g
someday during backporting of security fixes.

--
Otavio Salvador
O.S. Systems
http://www.ossystems.com.br
http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854
Mobile: +1 (347) 903-9750