[edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude err_all.c in process_files.py

Wang, Jian J jian.j.wang at intel.com
Fri Jun 21 08:37:37 UTC 2019


Hi David,


> -----Original Message-----
> From: devel at edk2.groups.io [mailto:devel at edk2.groups.io] On Behalf Of David
> Woodhouse
> Sent: Friday, June 21, 2019 6:34 AM
> To: devel at edk2.groups.io; lersek at redhat.com; Lu, XiaoyuX
> <xiaoyux.lu at intel.com>
> Cc: Wang, Jian J <jian.j.wang at intel.com>; Ye, Ting <ting.ye at intel.com>;
> Richard Levitte <levitte at openssl.org>
> Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude
> err_all.c in process_files.py
> 
> On Thu, 2019-06-20 at 16:46 +0200, Laszlo Ersek wrote:
> > > Please submit a PR to OpenSSL to add 'no-store' if you really don't
> > > want it.
> >
> > I actually agree about "no-store"; please see point (1) in my earlier
> > review here:
> >
> > http://mid.mail-archive.com/0c5b5e95-cb2c-75af-a30b-015dac14b91c at redhat.com
> 
> Hm, you told them to use no-store, and I think you were right. They
> seem to have refused purely because of the piffling detail that it
> didn't actually exist. I find this suboptimal. Here:
> 
> https://github.com/openssl/openssl/pull/9206
> 

Thanks for the PR. And I agree adding 'no-store' is the right way to fix
this issue. But the problem here is that we fixed openssl to one
release tag. We don't change it until we upgrade it to a newer release.
That means any fixes in openssl trunk cannot be used by edk2 immediately,
not to mention there's a possibility that the PR will be rejected. So there's
always a lag (maybe a quarter or half a year, at least) here.

We also have product release pressure which cannot afford quarters of
waiting for such kinds of fixes in upstream.

My personal opinion is that we fix any issue, if we can, in edk2 immediately
for the current version of openssl (as a workaround), and try to fix it in upstream
for a future release at the same time. Once upstream has fixed the issue and
edk2 has decided to upgrade to it, we drop the workaround in edk2. We can
file a BZ to track such kinds of work.

For this patch, I suggest we still push it. We can drop it and use the real fix once
we decide to upgrade to a future openssl release including your PR.

Thanks,
Jian
