[Bug 1991] openssl version checking needs updating
bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 30 14:18:55 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=1991
Tim Rice <tim at multitalents.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tim at multitalents.net
--- Comment #8 from Tim Rice <tim at multitalents.net> 2012-03-30 14:18:55 EST ---
(In reply to comment #7)
> Thinking about it some more, the cases you need to consider:
> #1: you upgrade openssl to a newer fix version. Obviously you don't
> want ssh to stop working and with this diff, it won't.
>
> #2: you upgrade ssh with something built against the same major and
> minor version but a newer fix version. Right now, you can't deploy
> that unless you upgrade openssl first.
>
> Is #2 a reasonable thing to do? I would argue that it is.
>
> Damien's counter-argument is from the OpenSSL home page: "OpenSSL 1.0.1
> is now available, including new features".
#2 would allow "bad" practice in the general sense.
Meaning, while it may be reasonable for a binary built against an older
lib to be expected to run with a newer lib, it is not reasonable to
expect a binary built with a newer lib to run with an older lib.
--
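The policy argued for in comment #8, sketched as an added example (not OpenSSH's code and not the diff discussed in this bug): a binary may run with a library of the same major and minor version and an equal or newer fix version, never an older one. The helper name is hypothetical, the version constants are constructed samples in OpenSSL's 0xMNNFFPPS layout, and ordering the patch letter together with the fix number while ignoring the status nibble is an assumption.

```c
#include <stdio.h>

/*
 * OpenSSL 0.9.x/1.0.x version number layout: 0xMNNFFPPS
 * M = major, NN = minor, FF = fix, PP = patch letter, S = status.
 */
#define VER_MAJMIN(v)   ((v) & 0xFFF00000UL)
#define VER_FIXPATCH(v) ((v) & 0x000FFFF0UL)  /* assumption: status ignored */

/*
 * Hypothetical helper: returns 1 if a binary compiled against headers
 * `hdr` may run with runtime library `lib`, 0 otherwise.
 */
int
ssl_version_compatible(unsigned long hdr, unsigned long lib)
{
	/* A different major or minor version is never accepted. */
	if (VER_MAJMIN(hdr) != VER_MAJMIN(lib))
		return 0;
	/* Same major.minor: the library must not be older than the headers. */
	return VER_FIXPATCH(lib) >= VER_FIXPATCH(hdr);
}

int
main(void)
{
	/* Constructed sample pairs: (headers at build time, library at run time). */
	static const struct {
		const char *what;
		unsigned long hdr, lib;
	} t[] = {
		{ "case #1: built 1.0.0, runs on 1.0.1", 0x1000000fUL, 0x1000100fUL },
		{ "case #2: built 1.0.1, runs on 1.0.0", 0x1000100fUL, 0x1000000fUL },
		{ "built 0.9.8, runs on 1.0.0",          0x0090800fUL, 0x1000000fUL },
		{ "built 1.0.1, runs on 1.0.1",          0x1000100fUL, 0x1000100fUL },
	};
	size_t i;

	for (i = 0; i < sizeof(t) / sizeof(t[0]); i++)
		printf("%-40s %s\n", t[i].what,
		    ssl_version_compatible(t[i].hdr, t[i].lib) ? "accept" : "reject");
	return 0;
}
```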