tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Minium version of OpenSSL required by "pkgsrc"

On Mon, Feb 10, 2014 at 02:04:37PM +0100, Thomas Klausner wrote:
> On Sun, Feb 09, 2014 at 11:42:17AM +0000, Matthias Scheler wrote:
> > the minimum OpenSSL API version that we currently accept in "pkgsrc"
> > is 0.9.6m. I would like to bump this to 1.0.1c (same as the API dependency)
> > for security reasons:
> We usually don't bump for security reasons (that's what
> pkg-vulnerabilities is for), ...

But we cannot use "pkg-vulnerabilities" to warn that Mac OS X Lion or
NetBSD 5.1 ship with an outdated builtin OpenSSL.

> ... but the other reasons sound convincing.
> Fine with me!


BTW: if I bump the API version I need to perform a recursive bump, don't I?

        Kind regards

Matthias Scheler                       

Home | Main Index | Thread Index | Old Index