Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude err_all.c in process_files.py

["Wang, Jian J" <jian.j.wang@intel.com>]

Laszlo,

> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> Laszlo Ersek
> Sent: Tuesday, June 25, 2019 3:54 AM
> To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io;
> dwmw2@infradead.org; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Cc: Ye, Ting <ting.ye@intel.com>; Richard Levitte <levitte@openssl.org>
> Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude
> err_all.c in process_files.py
> 
> On 06/21/19 10:37, Wang, Jian J wrote:
> > Hi David,
> >
> >
> >> -----Original Message-----
> >> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
> David
> >> Woodhouse
> >> Sent: Friday, June 21, 2019 6:34 AM
> >> To: devel@edk2.groups.io; lersek@redhat.com; Lu, XiaoyuX
> >> <xiaoyux.lu@intel.com>
> >> Cc: Wang, Jian J <jian.j.wang@intel.com>; Ye, Ting <ting.ye@intel.com>;
> >> Richard Levitte <levitte@openssl.org>
> >> Subject: Re: [edk2-devel] [PATCH v1 1/1] CryptoPkg/OpensslLib: Exclude
> >> err_all.c in process_files.py
> >>
> >> On Thu, 2019-06-20 at 16:46 +0200, Laszlo Ersek wrote:
> >>>> Please submit a PR to OpenSSL to add 'no-store' if you really don't
> >>>> want it.
> >>>
> >>> I actually agree about "no-store"; please see point (1) in my earlier
> >>> review here:
> >>>
> >>> http://mid.mail-archive.com/0c5b5e95-cb2c-75af-a30b-
> >> 015dac14b91c@redhat.com
> >>
> >> Hm, you told them to use no-store, and I think you were right. They
> >> seem to have refused purely because of the piffling detail that it
> >> didn't actually exist. I find this suboptimal. Here:
> >>
> >> https://github.com/openssl/openssl/pull/9206
> >>
> >
> > Thanks for the PR.
> 
> +1
> 
> > And I agree adding the 'no-store' is the right way to fix
> > this issue. But the problem here is that we fixated the openssl to one
> > release tag. We don't change it until we upgrade it to a newer release.
> > That means any fixes in openssl trunk cannot be used by edk2 immediately,
> > not to mention there's possibility that the PR will be rejected. So there's
> > always a lag (maybe a quarter or half year, at least) here.
> >
> > We have also product release pressure which cannot afford quarters of
> > waiting for such kind fixes in upstream.
> >
> > My personal opinion is that, we fix any issue, if we can, in edk2 immediately
> > for current version of openssl (as workaround), and try to fix it in upstream
> > for future release at the same time. Once upstream has fixed the issue and
> > edk2 has decided to upgrade to it, we drop the workaround in edk2. We can
> > file BZ to track such kind of works.
> >
> > For this patch, I suggest we still push it. We can drop it and use real fix once
> > we decide to upgrade openssl future release including your PR.
> 
> Right, in the most recent particular case, the time pressure to get
> stuff into usable-at-all state, for edk2-stable201905, was huge. I agree
> that "reminder BZs" (about backing out temporary downstream fixes) is
> the way to go. 

I take this as agreement. I pushed this patch at (fixed file ext)

51f7a3e6c5192d3f9a0fa63b0b5617c151180ad7

> Example:
> https://bugzilla.tianocore.org/show_bug.cgi?id=1897

Above one is in our plan. I added BZ#1936 for this one.

https://bugzilla.tianocore.org/show_bug.cgi?id=1936

Thanks,
Jian

> 
> Thanks
> Laszlo
> 
>