[colug-432] Heartbleed Heartburn

Rick Troth rmt at casita.net
Thu Apr 10 18:56:35 EDT 2014


I misspoke; I was not clear and was out of context.

>> > One colleague said that there is a lot of over-reaction.
> I think I disagree here.  The commit in question exposed 
> several things:

Should have said "one colleague said there is some ineffective panic".
What I was trying to convey is better aimed at the changing of
passwords, user stuff. In context, we're talking about sysadmin stuff.

These are all (omitted for brevity) excellent observations. Where did
you find them?

Ironically, in my own builds I have stuck with the OpenSSL 0.9.8 series.
Can't say I feel vindicated and the older OpenSSL brings its own set of
burdens to those who use it. But I expect to look through the code and
see if some of the older brother is free from some of this misdirected
aggressive recoding. (Not the first time someone optimized a bit of code
with dire consequences.)

-- R; <><




