On 03/08/2018 05:06 AM, Udo van den Heuvel wrote:
> Can we trust the distros to deliver openssl updates in time?

Yes. If you can't trust the distro to deliver security updates, you have a serious problem that cannot be solved by ntpsec's tarball.

> Can't we simply enforce a reasonable level? (e.g. maximum of XX months
> old version of openssl)

Probably not, as backported fixes for particular issues will not increment the version number.

--
Richard