Re: OpenSSL 1.1.0
On Thu, Nov 24, 2016 at 03:59:10PM +0200, Adrian Bunk wrote:
> If inspection is not easily possible, then adding a dependency on
> libssl1.0-dev to qtbase5-private-dev should be sufficient to
> ensure that this is not leaked to a different OpenSSL version.
I see two disadvantages:
1) doesn't catch cases where a package doesn't depend on libssl at all,
but depends on two libraries which in turn use qt and libssl.
2) needlessly affects packages which use qt, but don't use QNetwork /
QSsl.
But I don't know a better alternative, either.
Jan
Reply to: