Today I downgraded =dev-libs/openssl-1.0.2e to =dev-libs/openssl-1.0.1p for various reasons. After downgrading I also verified with "revdep-rebuild -ipv" (and revdep-rebuild.sh) that nothing was broken. Now I rebooted the system and sshd failed to start: > OpenSSL version mismatch. Built against 1000205f, you have 1000110f > * ERROR: sshd failed to start Can we please disable OpenSSH's OpenSSL version check? The SONAME check should be enough. If not we should add OpenSSL's version to dev-libs/openssl subslot so that net-misc/openssh can bind to that subslot. On downgrades this would would trigger a rebuild... so you have at least *one* chance to detect that before you lose SSH access. Debian is using http://anonscm.debian.org/cgit/pkg-ssh/openssh.git/tree/debian/patches/no-openssl-version-status.patch However this patch looks like only enabling upgrades.
SONAMEs guarantee forward compatibility, not backwards. i don't want to research every version bump to make sure that downgrades are safe.
(In reply to SpanKY from comment #1) and by forward compatibility, i mean you can use newer libs built against older ones. what is normally referred to backwards compatibility.
