[ATTN MAINTAINERS] OpenSSL 1.0 dependencies
Andrew Schulman
schulman.andrew@epa.gov
Wed Oct 27 13:24:28 GMT 2021
>
> We should get rid of dependencies to the obsolete OpensSSL 1.0 library
> that is no longer maintained upstream and has several critical bugs.
>
> Current and previous versions of the following packages depend on the
> outdated libopenssl100 (a lot of these have many packages depending on
> them in turn and/or are orphaned):
...
> lftp
...
Are you sure about lftp? AFAIK it only uses libssl1.1:
$ lftp --version
LFTP | Version 4.9.2 | Copyright (c) 1996-2020 Alexander V. Lukyanov
...
Libraries used: Expat 2.4.1, idn2 2.3.2, libiconv 1.16, OpenSSL 1.1.1l 24
Aug 2021, Readline 8.1,
zlib 1.2.11
$ ldd /usr/bin/lftp | grep ssl
cygssl-1.1.dll => /usr/bin/cygssl-1.1.dll (0x4c7bc0000)
More information about the Cygwin-apps
mailing list