openssl commit

Richard Laager rlaager at
Thu Mar 8 09:57:25 UTC 2018

On 03/08/2018 01:40 AM, Udo van den Heuvel via devel wrote:
> Why wouldn't we require a certain openssl version as there are a number
> of security vulnerabilities in (older) openssl?

Isn't this potentially the case with any dependency? Shouldn't this be
handled through normal update mechanisms, rather than every application
trying to enforce a secure version of its dependencies?


More information about the devel mailing list