> You don't have to re-emerge Apache, but you do have to re-emerge
> mod_ssl...

I just discovered this, too.  So the next question was, what else
depends on openssl?

mail jtosburn # qpkg --installed --query-deps openssl
dev-libs/openssl-0.9.6k *
DEPENDED ON BY:
        dev-php/mod_php-4.3.2
        dev-php/mod_php-4.3.3-r1
        net-dns/bind-9.2.2-r2
        net-ftp/ftp-0.17-r3
        net-libs/c-client-2002d
        net-mail/courier-imap-1.7.3-r1
        net-mail/postfix-1.1.11.20020917
        net-mail/uw-imap-2002d
        net-misc/ntp-4.1.2
        net-misc/openssh-3.7.1_p2
        net-misc/wget-1.8.2-r2
        net-www/links-2.1_pre9
        net-www/mod_ssl-2.8.15

So how do you know if something needs to be recompiled when a new
version of openssl comes along?  Likewise with any given package, when a
vulnerability is discovered and patched, currently the GLSAs only
describe patching that particular program, and never deal with
dependencies.  Sounds like an Achilles' heel in the system.

Joel Osburn
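
An added example, not part of the original message: a Python parser for the `qpkg --installed --query-deps` output pasted above, grouping the reverse dependencies of openssl by package so each one can be reviewed when an openssl advisory comes out. The function and variable names are hypothetical, and a package being listed means only that it depends on openssl, not that it must be rebuilt.

```python
import re

# Output copied from the message above (qpkg --installed --query-deps openssl).
QPKG_OUTPUT = """\
dev-libs/openssl-0.9.6k *
DEPENDED ON BY:
        dev-php/mod_php-4.3.2
        dev-php/mod_php-4.3.3-r1
        net-dns/bind-9.2.2-r2
        net-ftp/ftp-0.17-r3
        net-libs/c-client-2002d
        net-mail/courier-imap-1.7.3-r1
        net-mail/postfix-1.1.11.20020917
        net-mail/uw-imap-2002d
        net-misc/ntp-4.1.2
        net-misc/openssh-3.7.1_p2
        net-misc/wget-1.8.2-r2
        net-www/links-2.1_pre9
        net-www/mod_ssl-2.8.15
"""

# category/name-version: the version starts with a digit and may end in -rN,
# while the name itself may contain hyphens (c-client, courier-imap).
ATOM_RE = re.compile(r"^(?P<cat>[\w+.-]+)/(?P<name>.+?)-(?P<ver>\d[^-]*(?:-r\d+)?)$")

def parse_reverse_deps(text):
    """Return ((package, version), {package: [versions]}) from the listing."""
    target, deps, in_deps = None, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "DEPENDED ON BY:":
            in_deps = True
            continue
        m = ATOM_RE.match(line.split()[0])  # split() drops the trailing " *"
        if m is None:
            raise ValueError(f"unrecognised package line: {raw!r}")
        key = f"{m['cat']}/{m['name']}"
        if in_deps:
            deps.setdefault(key, []).append(m["ver"])
        else:
            target = (key, m["ver"])
    return target, deps

if __name__ == "__main__":
    target, deps = parse_reverse_deps(QPKG_OUTPUT)
    print(f"{len(deps)} packages depend on {target[0]}-{target[1]}:")
    for pkg in sorted(deps):
        print(f"  {pkg}  (installed: {', '.join(deps[pkg])})")
```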

