On Mon, Dec 21, 2015 at 2:38 PM, Jacob Perkins <jacob.perk...@cpanel.net> wrote:
> CentOS 5 still ships with OpenSSL 0.9.8, and is still supported for another
> year or so. Considering there’s a lot of servers still running CentOS 5 (and
> possibly older), it feels as if this would have been caught.

Do you mean could or should have been caught? It wasn't caught until someone compiled it against openssl < 0.9.8m (which is not the latest 0.9.8). I can't see many scenarios where someone will compile a new 2.4.x release and not have a contemporary openssl -- beyond trying to catch exactly these kinds of problems during a release.

> Especially something as small as a missing semicolon.

Well, usually small problems are the ones that fly under the radar. Anything catastrophic to the build will not go unnoticed, but someone has to build on the affected platform/compiler/prereqs/???.

> Would a linter / compile check to proactively check those things help?

Dunno, possible.