[EMAIL PROTECTED] wrote on 07/16/2008 10:08:31 AM: > 2) using static builds has a benefit: you know exactly what your > application is going to get SSL-wise: you will be sure it is installed > on the target system because you brought it along. The drawback is > that you have to provide your own update path to track security fixes > -- that is compared to an OS/platform where others do the tracking and > updating for you (e.g. active Linux distros with dynamic libraries).
Is this really a drawback? Since OpenSSL updates break backward compatibility, there a problem as well with dynamic libraries. Someone installs an update, possibly automated, possibly the install of another program, and suddenly you application fails in strange ways. [... my quixotic plea for NEVER breaking backward compatibilty] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
