Backports to 1.1.1 and what is allowed

Matt Caswell matt at
Fri Jun 19 22:47:47 UTC 2020

On 19/06/2020 22:58, Kurt Roeckx wrote:
> On Fri, Jun 19, 2020 at 10:29:24PM +0100, Matt Caswell wrote:
>> My immediate reaction to that is no - it shouldn't go to 1.1.1. That
>> would impact a very high proportion of our user base.
> So is risk an important factor? How do you judge the risk? By the
> size of the change?

Yes, I do believe risk is an important factor although putting hard
rules around it is very difficult. There are bound to be some fuzzy
lines here between what is and isn't acceptable.


More information about the openssl-project mailing list