openssl commit

Hal Murray hmurray at
Fri Mar 9 06:45:05 UTC 2018

> So my opinion is that eliminating the openssl version check has only one
> drawback: we lose our single possibility to influence what openssl we build
> against. This /could/ have certain security implications and thus tainting
> ntpsec's name. 

I don't think the version check is intended to catch security issues.  It's 
checking the API.

If we want to check for security issues, we would have to dispatch on the 
major/minor version and then check the patch level, or something like that.

Beside, what would you do if you knew the installed version of OpenSSL had 
security issues?  Does not building solve anything?

These are my opinions.  I hate spam.

More information about the devel mailing list