On 6/11/15, Michal Suchanek <hramr...@gmail.com> wrote: > > When you link dynamically with libssl then your distribution is > responsible for updating libssl in response to libssl vulnerabilities. >
Yes. On the other hand, Fossil only uses libssl on the client side. And client-side SSL has far fewer and less severe vulnerabilities than server-side. So even if vulnerabilities are discovered and you do not update, you are probably still ok. -- D. Richard Hipp d...@sqlite.org _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users