On Thu, Jan 05, 2017 at 09:39:16PM +0100, Sebastian Andrzej Siewior wrote:
> On 2016-12-31 17:35:47 [+0100], Julien Cristau wrote:
> > Is this really something we need to be shipping? If yes, I'd personally
> > really like this to get an explicit exemption from normal policy by the
> > security team, so please talk to them (debian-security@ldo is not it).
>
> I have been made aware of my mistake and I bounced the original email to
> security@d.o with no response yet. I haven't got any response from them
> yet so it looks like sslscan will link against libssl1.0.
I did reply to you (as did Thijs), but as mentioned before there's no
need for that code copy in _stretch_, since 1.0.2 should still provide
ample legacy support.
Cheers,
Moritz
