[Bug 900244] Re: Please backport openssl
Micah Gersten
launchpad at micahscomputing.com
Mon Dec 5 16:52:25 UTC 2011
Thank you for requesting this backport. It's not true that anything
less than 0.9.8r breaks PCI compliance. It just breaks automated PCI
compliance testing. The Ubuntu security team regularly backports
patches for OpenSSL to keep the version in Lucid patched for security
vulnerabilities. Also, due to not wanting to break people on upgrade,
we'd have to backport openssl 1.0 to maverick and natty as well. Since
openssl 1.0 has a new ABI, all the reverse dependencies would need to be
rebuilt in the backports pocket for the 3 releases as well. This
backport brings too much risk, so I'm going to have to mark it won't
fix. If you have specific questions about whether or not a security
patch has been applied, you can see the Ubuntu Security Notices for
Lucid here: http://www.ubuntu.com/usn/lucid/. If you find that a patch
might not have been applied that you are expecting, please feel free to
E-Mail the Ubuntu Security team at security at ubuntu dot com.
** Changed in: lucid-backports
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Backporters, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/900244
Title:
Please backport openssl
To manage notifications about this bug go to:
https://bugs.launchpad.net/lucid-backports/+bug/900244/+subscriptions
More information about the ubuntu-backports
mailing list