Re: Minium version of OpenSSL required by "pkgsrc"

To: tech-pkg%NetBSD.org@localhost
Subject: Re: Minium version of OpenSSL required by "pkgsrc"
From: Matthias Scheler <tron%zhadum.org.uk@localhost>
Date: Mon, 10 Feb 2014 13:53:30 +0000

On Mon, Feb 10, 2014 at 02:04:37PM +0100, Thomas Klausner wrote:
> On Sun, Feb 09, 2014 at 11:42:17AM +0000, Matthias Scheler wrote:
> > the minimum OpenSSL API version that we currently accept in "pkgsrc"
> > is 0.9.6m. I would like to bump this to 1.0.1c (same as the API dependency)
> > for security reasons:
> 
> We usually don't bump for security reasons (that's what
> pkg-vulnerabilities is for), ...

But we cannot use "pkg-vulnerabilities" to warn that Mac OS X Lion or
NetBSD 5.1 ship with an outdated builtin OpenSSL.

> ... but the other reasons sound convincing.
> Fine with me!

Thanks.

BTW: if I bump the API version I need to perform a recursive bump, don't I?

        Kind regards

-- 
Matthias Scheler                                 https://zhadum.org.uk/

Follow-Ups:
- Re: Minium version of OpenSSL required by "pkgsrc"
  - From: Thomas Klausner

References:
- Minium version of OpenSSL required by "pkgsrc"
  - From: Matthias Scheler
- Re: Minium version of OpenSSL required by "pkgsrc"
  - From: Thomas Klausner

Prev by Date: Re: Minium version of OpenSSL required by "pkgsrc"
Next by Date: Re: Minium version of OpenSSL required by "pkgsrc"
Previous by Thread: Re: Minium version of OpenSSL required by "pkgsrc"
Next by Thread: Re: Minium version of OpenSSL required by "pkgsrc"
Indexes:

Home | Main Index | Thread Index | Old Index