openssl commit

[Richard Laager]

On 03/08/2018 01:40 AM, Udo van den Heuvel via devel wrote:
> Why wouldn't we require a certain openssl version as there are a number
> of security vulnerabilities in (older) openssl?

Isn't this potentially the case with any dependency? Shouldn't this be
handled through normal update mechanisms, rather than every application
trying to enforce a secure version of its dependencies?

-- 
Richard