Am 08.06.2014 16:21, schrieb Álvaro Castillo: > Few days was built an patch to solve an another vulnerability into > OpenSSL(http://bits.blogs.nytimes.com/2014/06/05/new-bug-found-in-widely-used-openssl-encryption/?_php=true&_type=blogs&_r=0). > Some sources talks about that's bug was discovered a long time ago but > does not fixed. > > However, OpenBSD was created a fork called LibreSSL try to solve this > issues. Should Fedora to move LibreSSL (http://www.libressl.org/)? Or > still use OpenSSL and wait what's bug could be found today, or > tomorrow, or few months to go similar Adobe Flash bugs?
you realized that LibreSSL *backported* the bugs you are talking about? *at the moment* it makes pretty no sense switch to a fork which is at the begin of the work and currently most likely has *much more bugs* simply because large changes in a foreign codebase frankly - nobody knows about the future of LibreSSL and OpenSSL, maybe they get merged later or only one of the projects survives what are you doing if OpenSSL backports all the changes and LibreSSL dies in a few years? regret the whole migration and start the game again? in a short: if it comes to security avoid actions by reflex
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
