>> -1. Please revert the change. The purpose of the check is to identify >> incompatible APIs, not security holes. > > should apache be allowed to be built against a version of OpenSSL that > has a > known problem - I don't think so. But if everybody thinks against - then, > so > be it.
People need to be able to build against older versions specifically so that they can test those older versions and so that they can introduce our newer versions into an environment that has privately patched the other library. > Also, as per your argument, I'd question the validity of the following > checks in acinclude.m4. Does it make sense to eliminate them ??. > OpenSSL "[[1-9]]* > OpenSSL "0.[[1-9]][[0-9]]* Those are to accept all future versions, not deny them. I would be happier if the entire check was removed, but the reason it exists is to check for multiple installed versions and pick the first one that passes the minimum compilable requirement. ....Roy
