[Bug 1991] openssl version checking needs updating

bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 30 14:18:55 EST 2012


https://bugzilla.mindrot.org/show_bug.cgi?id=1991

Tim Rice <tim at multitalents.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tim at multitalents.net

--- Comment #8 from Tim Rice <tim at multitalents.net> 2012-03-30 14:18:55 EST ---
(In reply to comment #7)
> Thinking about it some more, the cases you need to consider:
> #1: you upgrade openssl to a newer fix version.  obviously you don't
> want ssh to stop working and with this diff, it won't.
> 
> #2: you upgrade ssh with something built against the same major and
> minor version but a newer fix version.  Right now, you can't deploy
> that unless you upgrade openssl first.
> 
> is #2 a reasonable thing to do?  I would argue that it is.
> 
> Damien's counter-argument is from the OpenSSL home page: "OpenSSL 1.0.1
> is now available, including new features".

#2 would allow "bad" practice in the general sense.
Meaning, while it may be reasonable for a binary built against an older
lib to be expected to run with a newer lib, it is not reasonable to
expect a binary built with a newer lib to run with an older lib.

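The two policies argued in comments #7 and #8, side by side, as an added example that is not part of the original message and is not OpenSSH's own code. It assumes the pre-3.0 OpenSSL version layout 0xMNNFFPPS and ignores the patch letter and status nibble; the names `version_compatible`, `ALLOW_ANY_FIX` and `LIB_FIX_NOT_OLDER` are hypothetical.

```c
#include <stdio.h>

/* Pre-3.0 OpenSSL packs its version as 0xMNNFFPPS:
 * M major, NN minor, FF fix, PP patch letter, S status. */
#define VER_MAJOR_MINOR(v) (((v) >> 20) & 0xfffUL)
#define VER_FIX(v)         (((v) >> 12) & 0xffUL)

enum policy {
    ALLOW_ANY_FIX,     /* comment #7: same major.minor is sufficient */
    LIB_FIX_NOT_OLDER  /* comment #8: runtime fix must be >= build-time fix */
};

/* Return 1 if a binary built against headerver may run with libver.
 * With the 2012-era library these would be OPENSSL_VERSION_NUMBER
 * (compile time) and the value returned by SSLeay() (run time). */
int version_compatible(unsigned long headerver, unsigned long libver,
                       enum policy p)
{
    if (VER_MAJOR_MINOR(headerver) != VER_MAJOR_MINOR(libver))
        return 0;                /* major or minor differs: always refuse */
    if (p == ALLOW_ANY_FIX)
        return 1;                /* fix version not compared at all */
    return VER_FIX(libver) >= VER_FIX(headerver);
}

int main(void)
{
    /* Constructed sample values, not taken from the bug report. */
    const unsigned long v098 = 0x0090800fUL;   /* 0.9.8 release */
    const unsigned long v100 = 0x1000000fUL;   /* 1.0.0 release */
    const unsigned long v101 = 0x1000100fUL;   /* 1.0.1 release */

    printf("case #1 (built 1.0.0, runs 1.0.1): any-fix=%d not-older=%d\n",
           version_compatible(v100, v101, ALLOW_ANY_FIX),
           version_compatible(v100, v101, LIB_FIX_NOT_OLDER));
    printf("case #2 (built 1.0.1, runs 1.0.0): any-fix=%d not-older=%d\n",
           version_compatible(v101, v100, ALLOW_ANY_FIX),
           version_compatible(v101, v100, LIB_FIX_NOT_OLDER));
    printf("minor differs (built 0.9.8, runs 1.0.0): any-fix=%d not-older=%d\n",
           version_compatible(v098, v100, ALLOW_ANY_FIX),
           version_compatible(v098, v100, LIB_FIX_NOT_OLDER));
    return 0;
}
```

The policies differ only in case #2, which is the disagreement in the thread.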