Tom Donovan wrote: > William A. Rowe, Jr. wrote: >> >> The other aspect, if a zlib1.dll replacement is needed for some critical >> decryption flaw in zlib again, it will be nice not to force users to >> entirely replace openssl or mod_deflate. So I expect we'll leave it >> as-is. >> > I think mod_deflate on Windows links statically (zlib.lib) while openssl > is linked dynamically (zdll.lib). At 40-60kb it's no big deal either > way - but the "security flaw in zlib" argument would seem to apply to > both equally. Both static or both dynamic would be more consistent.
This was 2.0 that compiled in the subset of zlib sources directly. 2.2 should (and I'll fix this if I'm wrong) be linked to zlib1.dll
