openssl commit

Udo van den Heuvel udovdh at xs4all.nl
Fri Mar 9 04:43:43 UTC 2018


On 08-03-18 21:22, Richard Laager wrote:
>> Can't we simply enforce a reasonable level? (e.g. maximum of XX months
>> old version of openssl)
> 
> Probably not, as backported fixes for particular issues will not
> increment the version number.

But fixes by the openssl team /will/ increment the version number.

So my opinion is that eliminating the openssl version check has only one
drawback: we lose our single possibility to influence what openssl we
build against. This /could/ have certain security implications and thus
tainting ntpsec's name.

Udo




More information about the devel mailing list