openssl commit

[Richard Laager]

On 03/08/2018 05:06 AM, Udo van den Heuvel wrote:
> Can we trust the distros to deliver openssl updates in time?

Yes. If you can't trust the distro to deliver security updates, you have
a serious problem that cannot be solved by ntpsec's tarball.

> Can't we simply enforce a reasonable level? (e.g. maximum of XX months
> old version of openssl)

Probably not, as backported fixes for particular issues will not
increment the version number.

-- 
Richard