> > We should get rid of dependencies to the obsolete OpensSSL 1.0 library > that is no longer maintained upstream and has several critical bugs. > > Current and previous versions of the following packages depend on the > outdated libopenssl100 (a lot of these have many packages depending on > them in turn and/or are orphaned): ... > lftp ...
Are you sure about lftp? AFAIK it only uses libssl1.1: $ lftp --version LFTP | Version 4.9.2 | Copyright (c) 1996-2020 Alexander V. Lukyanov ... Libraries used: Expat 2.4.1, idn2 2.3.2, libiconv 1.16, OpenSSL 1.1.1l 24 Aug 2021, Readline 8.1, zlib 1.2.11 $ ldd /usr/bin/lftp | grep ssl cygssl-1.1.dll => /usr/bin/cygssl-1.1.dll (0x4c7bc0000)