[PATCH 1/1] Just warn if linked libssl is more recent
a.cudbardb at freeradius.org
Tue Jun 17 11:38:42 CEST 2014
On 17 Jun 2014, at 10:20, Fajar A. Nugraha <list at fajar.net> wrote:
> On Tue, Jun 17, 2014 at 4:10 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> On 17 Jun 2014, at 08:43, Christian Hesse <list at eworm.de> wrote:
> > Still the question is whether freeradius should break on ABI incompatibility
> > change (which should still give a warning with my patch) or break on *every*
> > openssl update, regardless of whether or not ABI changed.
> > Searching for "freeradius libssl version mismatch" gives a lot of matches, so
> > looks like this is a real issue.
> Some of those aren't for FreeRADIUS.
> OpenSSH has also adopted this approach, with a very similar message to us.
> Obviously they got annoyed too.
> I've changed the behaviour to match theirs.
> ... and apparently Debian's "solution" to the problem (from the same page) is
> * Restore patch to disable OpenSSL version check (closes: #732940).
> So FR's position is to leave it to official distro packagers to disable it as well, just like allow_vulnerable_openssl?
FR's position is that package maintainers should re-build the FreeRADIUS package
when they build new MAJOR/MINOR versions of the OpenSSL package.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
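The policy discussed in this thread, sketched as an added example (not FreeRADIUS or OpenSSH code, and not part of the original message): compare the OpenSSL version the program was built against with the one it is linked to at run time. The function and enum names are hypothetical, and the exact policy is an assumption: refuse when major/minor differ or the linked library is older, warn when it is newer within the same major.minor. The version values are constructed samples.

```c
#include <stdio.h>

/* Pre-3.0 OpenSSL version numbers are laid out as 0xMNNFFPPS:
 * major, minor, fix, patch, status (0xf = release). */
enum verdict { VERDICT_MATCH, VERDICT_WARN, VERDICT_MISMATCH };

#define VER_MAJOR_MINOR(v) (((v) >> 20) & 0xfffUL)  /* M + NN */
#define VER_FIX_PATCH_ST(v) ((v) & 0xfffffUL)       /* FF + PP + S */

/* built: value of OPENSSL_VERSION_NUMBER at compile time.
 * linked: value reported by the loaded library, e.g. SSLeay(). */
enum verdict ssl_version_verdict(unsigned long built, unsigned long linked)
{
    if (built == linked)
        return VERDICT_MATCH;
    /* A different major or minor means the package needs a rebuild. */
    if (VER_MAJOR_MINOR(built) != VER_MAJOR_MINOR(linked))
        return VERDICT_MISMATCH;
    /* Same major.minor but an older library than the headers
     * (assumed policy: treat as a mismatch). */
    if (VER_FIX_PATCH_ST(linked) < VER_FIX_PATCH_ST(built))
        return VERDICT_MISMATCH;
    /* Same major.minor, newer fix/patch level: just warn. */
    return VERDICT_WARN;
}

static const char *verdict_name(enum verdict v)
{
    return v == VERDICT_MATCH ? "match" :
           v == VERDICT_WARN  ? "warn"  : "mismatch";
}

int main(void)
{
    /* Constructed samples: { built, linked } */
    unsigned long pairs[][2] = {
        { 0x1000105fUL, 0x1000105fUL },  /* 1.0.1e vs 1.0.1e */
        { 0x1000105fUL, 0x1000108fUL },  /* 1.0.1e vs 1.0.1h */
        { 0x1000108fUL, 0x1000105fUL },  /* 1.0.1h vs 1.0.1e */
        { 0x0090812fUL, 0x1000108fUL },  /* 0.9.8r vs 1.0.1h */
    };
    for (size_t i = 0; i < sizeof(pairs) / sizeof(pairs[0]); i++)
        printf("built 0x%08lx linked 0x%08lx: %s\n", pairs[i][0],
               pairs[i][1],
               verdict_name(ssl_version_verdict(pairs[i][0], pairs[i][1])));
    return 0;
}
```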