Re: embedding openssl source in sslcan

To: debian-release@lists.debian.org
Cc: debian-security@lists.debian.org, team@security.debian.org
Subject: Re: embedding openssl source in sslcan
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Mon, 2 Jan 2017 11:35:30 +0100
Message-id: <[🔎] 7d711807eb7905e55a73122f1d3edd1e.squirrel@aphrodite.kinkhorst.nl>
In-reply-to: <slrno5qp4q.ako.jmm@inutil.org>
References: <20161222123710.pbppawo4k6trfzyy@breakpoint.cc> <slrno5qp4q.ako.jmm@inutil.org>

On Fri, December 23, 2016 18:53, Moritz MÃ¼hlenhoff wrote:
> Sebastian Andrzej Siewior <sebastian@breakpoint.cc> schrieb:
>
> Please use team@security.debian.org if you want to reach the security
> team, not debian-security@ldo.
>
>> tl;dr: Has anyone a problem if sslscan embeds openssl 1.0.2 in its
>> source?
>
> That's for post-stretch, right? Right now it can simply link against
> the 1.0.2 copy,
>
> Seems fine to me for that use case, and it won't need any security
> updates to the embedded openssl copy for all practical purposes anyway.

I agree, the risk for this use case is quite low, and having tools like
sslscan readily available in Debian is greatly beneficial for security.


Cheers,
Thijs

Reply to:

Follow-Ups:
- Re: embedding openssl source in sslcan
  - From: Christian Seiler <christian@iwakd.de>

Prev by Date: Re: Bug#822604: scanmem: depends on gksu which is deprecated
Next by Date: Bug#849218: transition: imagemagick
Previous by thread: Re: [Pkg-openssl-devel] embedding openssl source in sslcan
Next by thread: Re: embedding openssl source in sslcan
Index(es):
- Date
- Thread