In message <[EMAIL PROTECTED]> on Wed, 27 Oct 2004 15:43:57 -0500, "Douglas E. Engert" <[EMAIL PROTECTED]> said:
deengert> The man pages for ld on Linux say -rpath is used first. This deengert> is unfortunate ... but makes sense from a security point of view (look up LD_LIBRARY_PATH with google and you'll see all the rants about it). deengert> as it means you can't build a number of different packages deengert> to be installed as a group, or even to test the newly built deengert> library. I don't quite understand the argument that different packages wouldn't be possible to install as a group, can you elaborate? As to testing, I'm guessing LD_PRELOAD is your friend. I'm gonna do some tests around that. I'd like to know what Unix-like architectures do NOT support LD_PRELOAD, and what to do on those. deengert> One of the problems is that different sub releases of deengert> OpenSSL use the same library names 0.9.7 where as a new deengert> release which adds functionality such as the AES-265-... deengert> should increment the library version. There are differing opinions about that, but essentially, I agree. If a library pretends to be the same, an application using it shouldn't get this kind of surprise. The CFB1 cipher mode was brought on by the new FIPS functionality, which was prepared for 0.9.7, and tested as such. There were a number of "powers" involved, so to say... Oh well. Cheers, Richard ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ "When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up." -- C.S. Lewis ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
