Hi, openssl 0.9.8f has been released and includes fixes for the two vulnerabilities that we patched so far. The downside is that 0.9.8f breaks binary compatibility. And since openssl is in core, we don't list it as a dependency anywhere, so revdep fails. Did this situation come up before? I don't know what's how to handle this the best way. On idea could be to not update openssl in the 2.3 branch and only push 0.9.8f to the 2.4 branch. Regards, Tilman -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail?