[Interest] Google Play 60-day deadline for resolving OpenSSL vulnerabilities

[md at rpzdesign.com]

Oops, Sorry.

The message replies boundaries were not that clear.

Nuno, do you have a comment on how to get the proper OpenSSL 
requirements met from Google Play.

Are the Openssl libraries linked into the APK so all we have to do is 
rebuild with QtCreator and re-upload to google play?

Or is there some other thing that we have to do to get around the 
security hole in Openssl and get linked with a fixed version.

The problem as I see it is that Android has the OpenSSL libraries 
already on the device and Qt just dynamically links to them.

So it would be incumbent on the device holder to update the operating 
system to a newer ANdroid to get the latest and safeest openSSL libraries.

What are your comments because even though I thought THiago made the 
comment, he corrected me and you made the "Upgrade and re-load to 
google" comment.

And I am having a hard time understanding the moving pieces of that 
statement.

Thanks,

Mark


On 5/15/2015 11:14 AM, Thiago Macieira wrote:
> On Friday 15 May 2015 07:13:55 rpzrpzrpz at gmail.com wrote:
>> Thiago:
>>
>> What do you mean by the phrase "Upgrade and re-load to Google"
>>
>> Are the OpenSSL libraries linked into the APK from your local NDK?
>>
>> Or are the OpenSSL libraries on the smartphone or tablet device already?
>>
>> Thanks for your response,
>
> I have no clue. I've never developed for Android.
>
> But Nuno has, so he should have the information readily available.
>

-- 
No spell checkers were harmed during the creation of this message.