Hello Sona, On Tue, Dec 16, 2014 at 11:58 AM, Sona Sarmadi <sona.sarm...@enea.com> wrote: > > Is there any specific reason why openssl 1.0.1g is used by default? Yocto is > using 1.0.1j in master to address some security issues (SSLv3 protocol > vulnerability). If there is a strong reason to stay on 1.0.1g, I suggest we > apply sslv3 patches otherwise we just remove this line. > > https://git.yoctoproject.org/cgit/cgit.cgi/meta-fsl-ppc/tree/conf/machine/include/qoriq-default-versions.inc > > PREFERRED_VERSION_openssl = "1.0.1g"
I agree; it should be removed in my opinion. Could you prepare a patch and send? So it goes over the usual review process while Luo enquire internally if there is any reason to not upgrade? -- Otavio Salvador O.S. Systems http://www.ossystems.com.br http://code.ossystems.com.br Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
