Walter Goulet dixit: >offering. I personally have not yet decided if I will indeed revoke,
You *must* revoke. http://arstechnica.com/security/2014/04/heartbleed-vulnerability-may-have-been-exploited-months-before-patch/ not only shows that this has been exploited since November, but also contains a comment from the guy who said “don’t panic, it is unlikely that private keys have leaked” yesterday, correcting himself. See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744027 ObAmusing: switching to other implementations? Nope. OpenSSL, NSS and the Java™ crowd are the only ones to mostly get it right. http://pbs.twimg.com/media/Bk0DY8XCEAAPpS7.png:large bye, //mirabilos -- <Natureshadow> Warum ist MirWebseite eigentlich so cool? <mirabilos> weil ich ich sie geschrieben habe <Natureshadow> Hast du sie geschrieben oder geforkt? <mirabilos> geschrieben, from scratch <Natureshadow> Ach, deshalb finde ich auch so selten Bugs dadrin. Irgendwie hast du Recht. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
