Bug 752183

Summary:	dev-libs/libressl-3.2.x: stabilisation
Product:	Gentoo Linux	Reporter:	Jory A. Pratt <anarchy>
Component:	Stabilization	Assignee:	Gentoo LibreSSL <libressl>
Status:	RESOLVED OBSOLETE
Severity:	normal	CC:	sam
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:	=dev-libs/libressl-3.2.2	Runtime testing required:	---

Description Jory A. Pratt gentoo-dev

2020-11-02 02:32:55 UTC

mark stable per b-man, arm64 and amd64 have already been stabilized.

Comment 1 Stefan Strogin gentoo-dev

2020-11-02 09:46:57 UTC

I'd rather not do it. The first stable release in 3.2.x branch is 3.2.2. 3.2.1 was considered testing by the upstream project.
3.2.2 has been just released. I would stabilize 3.2.2 skipping 3.2.1.

Comment 2 Jory A. Pratt gentoo-dev

2020-11-02 12:01:41 UTC

(In reply to Stefan Strogin from comment #1)
> I'd rather not do it. The first stable release in 3.2.x branch is 3.2.2.
> 3.2.1 was considered testing by the upstream project.
> 3.2.2 has been just released. I would stabilize 3.2.2 skipping 3.2.1.

I am fine with 3.2.2 being marked stable if you prefer, what I am not fine with is masking libressl useflag on stable profile due to the fact it was left lacking stable keywords for mupdf due to security bump. Many stable users were forced to either skip the update of mupdf and stay vulnerable or unmask the libressl useflag for mupdf and update to ~testing to keep their systems secure.

Comment 3 Sam James archtester

2020-11-03 04:08:08 UTC

Not ready yet: 
https://gitlab.torproject.org/tpo/core/tor/-/issues/40128
https://github.com/libressl-portable/portable/issues/629