Another bug on OpenSSL
h.reindl at thelounge.net
Sun Jun 8 14:42:34 UTC 2014
Am 08.06.2014 16:21, schrieb Álvaro Castillo:
> Few days was built an patch to solve an another vulnerability into
> Some sources talks about that's bug was discovered a long time ago but
> does not fixed.
> However, OpenBSD was created a fork called LibreSSL try to solve this
> issues. Should Fedora to move LibreSSL (http://www.libressl.org/)? Or
> still use OpenSSL and wait what's bug could be found today, or
> tomorrow, or few months to go similar Adobe Flash bugs?
you realized that LibreSSL *backported* the bugs you are
*at the moment* it makes pretty no sense switch to a fork
which is at the begin of the work and currently most likely
has *much more bugs* simply because large changes in a
frankly - nobody knows about the future of LibreSSL and
OpenSSL, maybe they get merged later or only one of the
what are you doing if OpenSSL backports all the changes
and LibreSSL dies in a few years? regret the whole migration
and start the game again?
in a short: if it comes to security avoid actions by reflex
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 246 bytes
Desc: OpenPGP digital signature
More information about the devel