On 2016-11-05 21:59:27 [+0100], Sebastian Andrzej Siewior wrote: > I've been playing with ben. I tried a few things and this is the best I > was able to achieve [0]: > > title = "openssl 1.0"; > is_affected = .build-depends ~ /libssl1.0-dev/; > is_good = .depends ~ /libssl1.0.2/; > is_bad = .depends ~ /libssl1.1/; > > And > > title = "openssl 1.1"; > is_affected = .build-depends ~ /libssl-dev/; > is_good = .depends ~ /libssl1\.1/; > is_bad = .depends ~ /libssl1\.0\.2/;
This does not cover packages which link against 1.0.2 but do not depend on libssl-dev (but inherit their dependencies). So it is up to you what you setup but something should be done because the auto tracker is gone. Sebastian