Another bug on OpenSSL

[Nico Kadel-Garcia]

It's not stable yet, and it's not ported to other operating systems.
the folks over at OpenBSD do import some powerful security tools and
keep them clean, such SSH. (No, they didn't writ it, they ported it
and maintain the core code.)

But that means it's unlikely to work well on other operating systems
until it's ported back: The folks there have some interesting policies
about randomization, chroot behavior, and coding to OpenBSD, not any
other OS, that will keep  it unstable for a while on other operating
systems.

Now, if you've got the expertise and time to help with that, it seems
a well founded and sensible project.


On Sun, Jun 8, 2014 at 10:34 AM, Jon Kent <jon.kent at gmail.com> wrote:
> At present I have more trust in the OpenBSD guys than OpenSSL based upon
> their previous work. So I'd prefer to move to LibreSSL once stable
>
> Just my 2c worth.
>
> Jon
>
> On 8 Jun 2014 15:21, "Álvaro Castillo" <netsys at fedoraproject.org> wrote:
>>
>> Dear mailing list,
>>
>> Few days was built an patch to solve an another vulnerability into
>>
>> OpenSSL(http://bits.blogs.nytimes.com/2014/06/05/new-bug-found-in-widely-used-openssl-encryption/?_php=true&_type=blogs&_r=0).
>> Some sources talks about that's bug was discovered a long time ago but
>> does not fixed.
>>
>> However, OpenBSD was created a fork called LibreSSL try to solve this
>> issues. Should Fedora to move LibreSSL (http://www.libressl.org/)? Or
>> still use OpenSSL and wait what's bug could be found today, or
>> tomorrow, or few months to go similar Adobe Flash bugs?
>> --
>> devel mailing list
>> devel at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/devel
>> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
>
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct