Fading out PolarSSL

Etienne Champetier champetier.etienne at gmail.com
Tue Jan 3 11:01:20 EST 2017 

Hi,

2017-01-03 4:22 GMT-08:00 Jo-Philipp Wich <jo at mein.io>:
> Hi list,
>
> the mbed TLS project (formerly known as PolarSSL) declared the mbedTLS
> 1.3 branch (packaged as "libpolarssl" by LEDE) to be EOL with the end of
> the year 2016. [1]
>
> In order to avoid shipping an outdated and possibly vulnerable SSL
> library with the first LEDE release we begun migrating core package
> dependencies and default library choices to the "mbedtls" package which
> includes the most recent 2.4.0 release of mbedTLS.
>
> There has been an ongoing discussion in IRC on how to handle the
> remaining users of the legacy PolarSSL package and whether to ship this
> library with the initial release and remove it later or whether to drop
> it now in order to catch potential fallout early.
>
> Since we didn't want to single-handedly decide this issue in IRC I took
> the topic to the list now to facilitate wider feedback.
>
> Right now there are more or less two approaches proposed:
>
> a) Keep libpolarssl available for the initial 17.01.0 release and drop
>    it with the first maintenance release 17.01.1 about 6-8 weeks later
>
> b) Drop libpolarssl now, even before branching and urge the feed package
>    maintainers to migrate users of libpolarssl to the libmbedtls variant
>
> Currently known remaining users of polarssl are:
>
>  * bmx7
>  * pianod
>  * shadowsocks-libev-polarssl
>  * shairport-sync-mini
>  * shairport-sync-polarssl
>  * transmission-cli-polarssl
>  * transmission-daemon-polarssl
>  * transmission-remote-polarssl
>  * umurmur-polarssl
>
>
> Please provide feedback on which approach you'd prefer and if you'd be
> affected by the PolarSSL deprecation or not.

you can also mark it @BROKEN, so people can still build it manually
without too much effort

My 2 cents
Etienne


>
> Regards,
> Jo
>
>
> 1: https://tls.mbed.org/tech-updates/releases/mbedtls-2.0.0-released
>
> _______________________________________________
> lede-adm mailing list
> lede-adm at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-adm

More information about the openwrt-adm mailing list