[Info-vax] VSI OpenVMS Roadmap, December 2022
Craig A. Berry
craigberry at nospam.mac.com
Fri Dec 30 09:25:54 EST 2022
On 12/29/22 10:00 PM, Bob Gezelter wrote:
> On Thursday, December 29, 2022 at 7:14:08 PM UTC-5, John Dallman wrote:
>> In article <toku1b$di0h$1... at dont-email.me>, seao... at hoffmanlabs.invalid
>> (Stephen Hoffman) wrote:
>>
>>> Updated roadmap has been posted:
>>> https://vmssoftware.com/about/roadmap/
>> OpenJDK and OpenSSL (Assuming that's what "SSL3" is) will need frequent
>> security updates. Serious vulnerabilities show up in them fairly often.
>>
>> John
> John,
>
> I would hope that "annual release" does not refer to patches.
> OpenSSL vulnerabilities need to be patched together with other OSes. Otherwise,
> there will be issues with ongoing security compliance.

What the Roadmap says for OpenVMS v9.2-1 is that it will include "SSL3
built-in." It's a little cryptic but I'm pretty sure that has to mean
that they will be moving from OpenSSL 1.1.x to OpenSSL 3.x as part of
the base OS install. Some layered products are already beginning to
require OpenSSL 3.x as a prerequisite.

Patches to OpenSSL will obviously be much more frequent than annual
since that's what they've been doing already, e.g., OpenSSL 1.1.1s and
3.0.7 kits were released in the last few days. They haven't always been
up to the minute, but the release cadence with VSI is vastly better than
anything that ever happened in the CPQ/HP/HPE era.

The Roadmap clearly states, "VSI expects to release new operating system
versions on a yearly basis after 2023" so the annual thing obviously has
nothing to do with patches or layered product updates.