英文:
How is openssl 1.1.1 EOL going to affect boringssl / netty-tcnative-boringssl-static?
问题
我的项目依赖于netty-tcnative-boringssl-static以实现内存效率。据我所知,boringssl是从openssl 1.1.1分叉出来的,后者即将到达生命周期终点。我想知道这可能会如何影响boringssl,以及通过传递netty-tcnative-boringssl-static。我能否期望boringssl / netty-tcnative-boringssl-static会继续获得安全补丁?
希望有来自Google's boringssl团队的人能提供一些信息。
英文:
My project relies on netty-tcnative-boringssl-static for memory efficiency. From what I can tell, boringssl was forked from openssl 1.1.1, which is soon reaching end of life. I'd like to know how this might affect boringssl, and transitively netty-tcnative-boringssl-static. Can I expect boringssl / netty-tcnative-boringssl-static to continue with security patches?
Hoping that someone from Google's boringssl team can provide some information.
答案1
得分: 0
BoringSSL旨在与OpenSSL 1.1.1兼容,但定期接收更新。因此,OpenSSL 1.1.1的终止对BoringSSL没有影响。至于netty-tcnative,它会在每次发布新版本时更新其BoringSSL版本(引入最新的chromium-stable BoringSSL分支——文档)。在撰写本文时,chromium-stable分支最后一次更新是在2023年2月,因此它一直在接收更新。
只要你保持与netty发布的最新版本同步,你不必担心OpenSSL 1.1.1的终止。
英文:
While BoringSSL aims to have OpenSSL 1.1.1 compatibility, it is regularly receiving updates. Therefore the OpenSSL 1.1.1 end of life means nothing for BoringSSL. As for netty-tcnative, it updates its version of BoringSSL each time a new version is released (pulling in the latest chromium-stable BoringSSL branch -- docs). At the time of this writing, the chromium-stable branch was last updated in Feb 2023 so it is consistently receiving updates.
As long as you are staying up to date with netty releases, you shouldn't have to worry about OpenSSL 1.1.1's end of life.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论