Hi,
There is a plan from CentOS to support OpenSSL 1.1.1 in future versions of CentOS 7 because openssl community has OpenSSL 1.1.1 which was released in Sep 2018 and it has fixed for many vulnerabilities. And CentOS has 1.0.2k version.
Can you please update on this?
Regards, Shagun
On 29/01/2019 04:54, Maheshwari, Shagun wrote:
Hi,
There is a plan from CentOS to support OpenSSL 1.1.1 in future versions of CentOS 7 because openssl community has OpenSSL 1.1.1 which was released in Sep 2018 and it has fixed for many vulnerabilities.
And CentOS has 1.0.2k version.
Can you please update on this?
There is no plan as CentOS is not the place that decides these things. CentOS is a rebuild of RHEL and rebuilds and ships those things that make up RHEL. It doesn't go off and unilaterally decide to upgrade a core component of the operating system just because it's new and shiny.
If you want it in CentOS then it has to go into RHEL first.
Trevor
On Tue, Jan 29, 2019 at 2:14 AM Trevor Hemsley via CentOS-devel centos-devel@centos.org wrote:
On 29/01/2019 04:54, Maheshwari, Shagun wrote:
Hi,
There is a plan from CentOS to support OpenSSL 1.1.1 in future versions of CentOS 7 because openssl community has OpenSSL 1.1.1 which was released in Sep 2018 and it has fixed for many vulnerabilities.
And CentOS has 1.0.2k version.
Can you please update on this?
There is no plan as CentOS is not the place that decides these things. CentOS is a rebuild of RHEL and rebuilds and ships those things that make up RHEL. It doesn't go off and unilaterally decide to upgrade a core component of the operating system just because it's new and shiny.
If you want it in CentOS then it has to go into RHEL first.
Trevor
It could go in EPEL or upstresm in RHEL's "Software Collections Library". But that would be a parallel build, available for alternate compilation, not an in-place replacement. An in-place replacement would be *hard*, and would probably be better slated for RHEL 8. I've not heard any progress on that since the beta in November: My guess, as RHEL and thus CentOS has gotten larger and IBM bought Red Hat, is not to hope for RHEL 8 before June.
On Wed, Jan 30, 2019 at 08:02:16AM -0500, Nico Kadel-Garcia wrote:
It could go in EPEL or upstresm in RHEL's "Software Collections Library". But that would be a parallel build, available for alternate compilation, not an in-place replacement. An in-place replacement would be *hard*, and would probably be better slated for RHEL 8.
It *is* slated for RHEL 8, as you can see: http://ftp.redhat.com/redhat/rhel/rhel-8-beta/baseos/source/Packages/ contains openssl-1.1.1-6.el8.src.rpm.
I've not heard any progress on that since the beta in November: My guess, as RHEL and thus CentOS has gotten larger and IBM bought Red Hat, is not to hope for RHEL 8 before June.
There is an agreement for IBM to purchase Red Hat; this has not happened yet and has no impact on anything like this.
Am 29.01.2019 um 05:54 schrieb Maheshwari, Shagun Shagun.Maheshwari@Harman.com:
Hi,
There is a plan from CentOS to support OpenSSL 1.1.1 in future versions of CentOS 7 because openssl community has OpenSSL 1.1.1 which was released in Sep 2018 and it has fixed for many vulnerabilities. And CentOS has 1.0.2k version.
https://access.redhat.com/security/updates/backporting/
-- LF
-
Leon Fauster -
Maheshwari, Shagun -
Matthew Miller -
Nico Kadel-Garcia -
Trevor Hemsley