While I don't even pretend to be a security expert, this is a topic that I have quite some familiarity with. Yes, right now OpenSSL 1.0.2 (latest) is still considered "as secure" as 1.1.0 latest. I can understand the Qt team delaying this migration for 5.10 as it is quite painful.
/D -- From my phone -------- Original Message -------- From: Thiago Macieira <[email protected]> Sent: Sun Aug 06 05:26:04 GMT+01:00 2017 To: Linus Torvalds <[email protected]> Cc: Subsurface Mailing List <[email protected]> Subject: Re: Qt 5.9 openssl problems on F26 On Saturday, 5 August 2017 17:07:50 PDT Linus Torvalds wrote: > You don't use old versions of security software. It's that easy. Not done, > not acceptable, not a solution. To be clear: OpenSSL 1.0.2l was released on the very same day as 1.1.0f. Both branches are currently maintained. -- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel Open Source Technology Center _______________________________________________ subsurface mailing list [email protected] http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface _______________________________________________ subsurface mailing list [email protected] http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
