From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"dwmw2@infradead.org" <dwmw2@infradead.org>,
"lersek@redhat.com" <lersek@redhat.com>,
"Lu, XiaoyuX" <xiaoyux.lu@intel.com>
Cc: "Ye, Ting" <ting.ye@intel.com>, Richard Levitte <levitte@openssl.org>
Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude err_all.c in process_files.py
Date: Fri, 21 Jun 2019 08:37:37 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C51000362592AAFE@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <821c1ef9bf8ae42b60627876b696a86cde1f6f84.camel@infradead.org>
Hi David,
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of David
> Woodhouse
> Sent: Friday, June 21, 2019 6:34 AM
> To: devel@edk2.groups.io; lersek@redhat.com; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>;
> Richard Levitte <levitte@openssl.org>
> Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude
> err_all.c in process_files.py
>
> On Thu, 2019-06-20 at 16:46 +0200, Laszlo Ersek wrote:
> > > Please submit a PR to OpenSSL to add 'no-store' if you really don't
> > > want it.
> >
> > I actually agree about "no-store"; please see point (1) in my earlier
> > review here:
> >
> > http://mid.mail-archive.com/0c5b5e95-cb2c-75af-a30b-
> 015dac14b91c@redhat.com
>
> Hm, you told them to use no-store, and I think you were right. They
> seem to have refused purely because of the piffling detail that it
> didn't actually exist. I find this suboptimal. Here:
>
> https://github.com/openssl/openssl/pull/9206
>
Thanks for the PR. And I agree adding the 'no-store' is the right way to fix
this issue. But the problem here is that we fixated the openssl to one
release tag. We don't change it until we upgrade it to a newer release.
That means any fixes in openssl trunk cannot be used by edk2 immediately,
not to mention there's possibility that the PR will be rejected. So there's
always a lag (maybe a quarter or half year, at least) here.
We have also product release pressure which cannot afford quarters of
waiting for such kind fixes in upstream.
My personal opinion is that, we fix any issue, if we can, in edk2 immediately
for current version of openssl (as workaround), and try to fix it in upstream
for future release at the same time. Once upstream has fixed the issue and
edk2 has decided to upgrade to it, we drop the workaround in edk2. We can
file BZ to track such kind of works.
For this patch, I suggest we still push it. We can drop it and use real fix once
we decide to upgrade openssl future release including your PR.
Thanks,
Jian
>
>
next prev parent reply other threads:[~2019-06-21 8:37 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-19 7:19 [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude err_all.c in process_files.py Xiaoyu Lu
2019-06-19 22:59 ` Laszlo Ersek
2019-06-20 0:34 ` [edk2-devel] " Wang, Jian J
2019-06-20 7:54 ` David Woodhouse
2019-06-20 14:46 ` Laszlo Ersek
2019-06-20 22:33 ` David Woodhouse
2019-06-21 8:37 ` Wang, Jian J [this message]
2019-06-24 19:54 ` Laszlo Ersek
2019-06-25 8:58 ` Wang, Jian J
2019-06-26 12:46 ` Laszlo Ersek
2019-06-26 13:16 ` Wang, Jian J
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C51000362592AAFE@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox