Another bug on OpenSSL

Reindl Harald h.reindl at thelounge.net
Sun Jun 8 14:42:34 UTC 2014


On 08.06.2014 16:21, Álvaro Castillo wrote:
> A few days ago a patch was built to solve another vulnerability in
> OpenSSL (http://bits.blogs.nytimes.com/2014/06/05/new-bug-found-in-widely-used-openssl-encryption/?_php=true&_type=blogs&_r=0).
> Some sources say that this bug was discovered a long time ago but
> was not fixed.
> 
> However, OpenBSD has created a fork called LibreSSL to try to solve these
> issues. Should Fedora move to LibreSSL (http://www.libressl.org/)? Or
> still use OpenSSL and wait to see what bug could be found today, or
> tomorrow, or in a few months, similar to Adobe Flash bugs?

you realized that LibreSSL *backported* the bugs you are
talking about?

*at the moment* it makes pretty much no sense to switch to a fork
which is at the beginning of its work and currently most likely
has *many more bugs* simply because of large changes in a
foreign codebase

frankly - nobody knows about the future of LibreSSL and
OpenSSL, maybe they get merged later or only one of the
projects survives

what are you doing if OpenSSL backports all the changes
and LibreSSL dies in a few years? regret the whole migration
and start the game again?

in short: when it comes to security, avoid actions by reflex
