Hi! Yes, its me again with my dumb questions:)
Zorp depends on libssl. DSA-393-1 says that libssl 0.9.7c-1 should be okay. The shlibs file of libssl0.9.7 contains an unversioned dependency, and because of that, zorp's dependency is also not versioned. Questions: -Should I bother to give a dependency to a package version which is without known vulnerability( >= 0.9.7c-1) ? In a security-oriented software? -If giving dependency to not-known-vulnerable version is okay, how should I do it in a clean way? In shlibs.local (which I just got rid of;) ? -Is it nice behaviour from libssl to give unversioned dependency? -- GNU GPL: csak tiszta forrásból
