> So now instead of simply backporting a patch to the distibution's openssl library, every single app maintainer of each app that uses it has to do this and provide an update.
That’s false. OpenSSL is part of the runtime[1] and only needs to be updated there.
Ok bad example then, and I didn't know that, but most libs are not part of the runtime :) I just mentioned openssl as an example of a frequently linked library.
That’s false. OpenSSL is part of the runtime[1] and only needs to be updated there.
[1]: https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/blob/ma...