On 03/08/2018 01:40 AM, Udo van den Heuvel via devel wrote: > Why wouldn't we require a certain openssl version as there are a number > of security vulnerabilities in (older) openssl?
Isn't this potentially the case with any dependency? Shouldn't this be handled through normal update mechanisms, rather than every application trying to enforce a secure version of its dependencies? -- Richard _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
