Package: libssl1.0.0 Version: 1.0.1e-5 Followup-For: Bug #732940 Kurt Roeckx wrote: > On Sun, Dec 22, 2013 at 02:45:32PM -0800, Josh Triplett wrote: >> >> It's not OK to break forward compatibility without changing SONAME. >> Software built against an older version of a library must always work >> with a newer version that has the same SONAME; that's what the SONAME >> exists for. It'd be perfectly OK for software built against a newer >> OpenSSL to refuse to work with an older version (ideally by requiring a >> symbol the older library doesn't have), but the reverse is a bug, >> regardless of the mechanism. > > Openssl does not do this version check, nor does it suggest to do > any such check. I think I've already filed this bug against > openssh twice and it seems to be comming back. > > I don't see how openssl is breaking either forward or backward > compatibility. It just changed the version it returned. Openssl > can't be responible for whatever people do with that version.
I stand corrected; my apologies. I've seen so many libraries that put in version checks like this that I assumed the version check lived in OpenSSL, not OpenSSH. You're right, this is *not* an OpenSSL bug, it's an OpenSSH bug. I'll reassign accordingly. - Josh Triplett -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.11-2-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libssl1.0.0 depends on: ii debconf [debconf-2.0] 1.5.52 ii libc6 2.17-97 ii multiarch-support 2.17-97 libssl1.0.0 recommends no packages. libssl1.0.0 suggests no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org