Hi,
openssl 0.9.8f has been released and includes fixes for the two
vulnerabilities that we patched so far.
The downside is that 0.9.8f breaks binary compatibility. And since
openssl is in core, we don't list it as a dependency anywhere, so revdep
fails.
Did this situation come up before? I don't know what's how to handle
this the best way.
On idea could be to not update openssl in the 2.3 branch and only push
0.9.8f to the 2.4 branch.
Regards,
Tilman
--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
