* John Dallaway <j...@dallaway.org.uk> wrote: > Mark, was there much effort involved in updating Andrew Lunn's original > port of OpenSSL v0.9.6b? The version numbering suggests no major changes.
There were an awful lot of changes; that range spans almost nine years of development. See http://www.openssl.org/news/changelog.html for full details. (BTW, OpenSSL release numbering doesn't follow the traditional major.minor.patch inaming scheme; it might be better described as major.submajor.minor[patch].) By the way, 0.9.8o is the subject of two recent security advisories; anybody using it in a real project ought to upgrade to 0.9.8q or at the very least read the advisories carefully and consider applying the patches given within. (Indeed, anybody using OpenSSL in a real project ought at the very least to subscribe to openssl-announce.) > Does anyone have up-to-date information (with reference) on the > restrictions for hosting this class of cryptographic source code on a > publically-accessible server located in the United States? The Debian project researched the situation a few years ago - with legal assistance - and consequently decided to integrate crypto with their main distribution, jump through a few hoops to notify the US government about it, and stop maintaining their non-US crypto download site. http://www.debian.org/legal/cryptoinmain has information. Ross -- Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss