But you do realize that all versions prior to 1.0.2 are PITA to code
developers?
I.e. the hostname validation, the very basic feature, needs to be
implemented with creepy hacks for OpenSSL before 1.0.2.
https://wiki.openssl.org/index.php/Hostname_validation
--
You received this bug notification
Ubuntu doesn't typically update to newer software versions. Like most
other Linux distros, we backport security patches to the versions of
software we ship, whether or not there is still upstream support for it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
>From https://www.openssl.org/policies/releasestrat.html
Support for version 1.0.1 will cease on 2016-12-31. No further releases
of 1.0.1 will be made after that date. Security fixes only will be
applied to 1.0.1 until then.
How is Ubuntu going to deal with that? Both Precise and Trusty currently
I strongly doubt there will be an official effort to backport OpenSSL
1.0.2 for 14.04 LTS; it would not be feasible to replace the existing
1.0.1f-derived packages with 1.0.2-derived packages, and duplicating
packages would add to the maintenance burden.
16.04 LTS's openssl package is based on a 1
** Changed in: openssl (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1596693
Title:
OpenSSL 1.0.2 for trusty
To manage notifications about this bug go to:
h
