On Thu, Nov 24, 2016 at 03:20:06PM +0100, Jan Niehusmann wrote: > On Thu, Nov 24, 2016 at 03:59:10PM +0200, Adrian Bunk wrote: > > If inspection is not easily possible, then adding a dependency on > > libssl1.0-dev to qtbase5-private-dev should be sufficient to > > ensure that this is not leaked to a different OpenSSL version. > > I see two disadvantages: > > 1) doesn't catch cases where a package doesn't depend on libssl at all, > but depends on two libraries which in turn use qt and libssl. >...
I was answering to the "exposes OpenSSL internels (e.g. opaque structs) in its API" problem. When every -dev that contains headers exposing OpenSSL internals depends on the libssl*-dev it uses, then this problem is solved. dlopen() is a separate problem. > But I don't know a better alternative, either. > > Jan cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed