rlaager at wiktel.com
Thu Mar 8 09:57:25 UTC 2018
On 03/08/2018 01:40 AM, Udo van den Heuvel via devel wrote:
> Why wouldn't we require a certain openssl version as there are a number
> of security vulnerabilities in (older) openssl?
Isn't this potentially the case with any dependency? Shouldn't this be
handled through normal update mechanisms, rather than every application
trying to enforce a secure version of its dependencies?
More information about the devel