First, nobody really REALLY should use version 0.9.8g-4ubuntu3 since it has a grave security bug. Second, _if_ people are using hardy-updates at all, and thus will even see this tor update, they will also have the updated libssl. So I think the current version in -proposed is fine and should be verified.
Runa,
I don't think this is necessary. You patched
-Conflicts: libssl0.9.8 (<< 0.9.8g-4ubuntu3.1)
+Conflicts: libssl0.9.8 (<< 0.9.8g-4ubuntu3)
But hardy has
libssl0.9.8 | 0.9.8g-4ubuntu3 | hardy | amd64, i386
libssl0.9.8 | 0.9.8g-4ubuntu3.5 | hardy-security | amd64, i386
libssl0.9.8 | 0.9.8g-4ubuntu3.5 | hardy-updates | amd64, i386
First, nobody really REALLY should use version 0.9.8g-4ubuntu3 since it has a grave security bug. Second, _if_ people are using hardy-updates at all, and thus will even see this tor update, they will also have the updated libssl. So I think the current version in -proposed is fine and should be verified.