[openssl-users] Why wasn't the fix for IP name restrictions included in 1.0.2 ?
matt at openssl.org
Fri Sep 15 11:15:18 UTC 2017
On 15/09/17 00:05, Salz, Rich via openssl-users wrote:
> ➢ But the patch was put in git almost 10 months before 1.0.2 initial release.
> We weren’t using git back then. So maybe it’s a bad/confusing import. Maybe matt can explain.
Actually I think we were using git at that point. I calculate it at
about 8 months at the point of that commit before the 1.0.2 release.
IIRC 1.0.2 had a very long and protracted release period. It actually
went into beta at the end of February 2014. Shortly afterwards
heartbleed hit and we had our minds on other things for a bit, so it
didn't get released until January 2015. The 1.0.2 branch was in "feature
freeze" during that whole period - so that is almost certainly the
reason why this wasn't backported.
Perhaps if we had realised in May 2014 that we weren't going to release
1.0.2 for another 8 months then we might have made different decisions.
More information about the openssl-users