openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pedro Giffuni <>
Subject Re: [QUESTION] Dependency on OpenSSL
Date Thu, 09 Jun 2016 15:43:07 GMT
Hi Dennis;

> I recall discussions of OpenSSL and updating our dependency on it to a better/patched
> What I don't know is whether the binaries that are built and distributed directly by
the project
> incorporate OpenSSL in any manner?
> Can anyone clear that up?
>   1. Do our built binaries depend on and distribute OpenSSL in some manner?
>   2. Is this for all platforms or only some of them?

While your questions are interesting, and we really must keep OpenSSL 
updated, it would seems like you want to limit the impact of what could 
be considered a liability. I think in our modern world the opposite 
approach is necessary: we should be looking at considering encryption 
more as an opportunity than a threat.

It looks like we have been avoiding including openssl where we should 
have: the general build *should* depend on OpenSSL for APR, curl, and 
python. I have never really worried about it because my primary platform 
(FreeBSD .. yeah!) uses the pre-packaged dependencies by default and 
those depend on OpenSSL.

So, my answers to your questions are:

1) I hope so, and if we are not, we have to fix that.

2) We absolutely must keep all platforms consistent.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message