Sitting on 2.3 wouldn't be too much an issue for me, but I can't speak for others that may be in the same situation. Do these patches / new versions require 1.1.0 or break backwards compatibility with 1.0.2? It would be nice if it could be handled by the PREFFERED_VERSION/PREFERRERED_PROVIDER.
-----Original Message----- From: Alexander Kanavin [mailto:alexander.kana...@linux.intel.com] Sent: Wednesday, May 10, 2017 10:16 AM To: Davis, Michael; openembedded-core@lists.openembedded.org Subject: Re: [OE-core] [RFC PATCH 00/10] Add openssl 1.1 On 05/10/2017 06:02 PM, Davis, Michael wrote: > Won't this cause a lot of issues for those of us that require FIPS? > I don't think 1.1 is expected to get FIPS support for some time. https://www.openssl.org/blog/blog/2016/07/20/fips/#comment-3277656289 "There's been a delay on starting due to a priority focus on finishing the TLS 1.3 implementation; we're still waiting on a final TLS 1.3 spec. Schedule estimates are difficult, not only because we haven't actually started yet but because the FIPS 140 validation process is notoriously unpredictable. Based on the first five open source based validations I would be surprised to see a final approved validation in less than two years after we start, but my prognostications have been wrong before." Would you be okay with staying on yocto 2.3 release until this is resolved? Otherwise, this can be delayed somewhat, but "we haven't started yet; we have no idea how long it's gonna take; probably two years or more" does not seem like a reasonable ask. There are other users of oe-core, who do not care about FIPS, and at the same time do want to have 1.1. Alex -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
