hmurray at megapathdsl.net
Fri Mar 9 06:45:05 UTC 2018
> So my opinion is that eliminating the openssl version check has only one
> drawback: we lose our single possibility to influence what openssl we build
> against. This /could/ have certain security implications and thus tainting
> ntpsec's name.
I don't think the version check is intended to catch security issues. It's
checking the API.
If we want to check for security issues, we would have to dispatch on the
major/minor version and then check the patch level, or something like that.
Beside, what would you do if you knew the installed version of OpenSSL had
security issues? Does not building solve anything?
These are my opinions. I hate spam.
More information about the devel