Another bug on OpenSSL

drago01 drago01 at gmail.com
Sun Jun 8 15:37:02 UTC 2014


On Sun, Jun 8, 2014 at 4:42 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
> Am 08.06.2014 16:21, schrieb Álvaro Castillo:
>> Few days was built an patch to solve an another vulnerability into
>> OpenSSL(http://bits.blogs.nytimes.com/2014/06/05/new-bug-found-in-widely-used-openssl-encryption/?_php=true&_type=blogs&_r=0).
>> Some sources talks about that's bug was discovered a long time ago but
>> does not fixed.
>>
>> However, OpenBSD was created a fork called LibreSSL try to solve this
>> issues. Should Fedora to move LibreSSL (http://www.libressl.org/)? Or
>> still use OpenSSL and wait what's bug could be found today, or
>> tomorrow, or few months to go similar Adobe Flash bugs?
>
> you realized that LibreSSL *backported* the bugs you are
> talking about?
>
> *at the moment* it makes pretty no sense switch to a fork
> which is at the begin of the work and currently most likely
> has *much more bugs* simply because large changes in a
> foreign codebase

Well add to that that it currently is (Open)BSD only afaik.


More information about the devel mailing list