So I've just finished upgrading all the various debian and ubuntu boxes I control, and am about .75 done with the rekeying work that goes with.
(if you have no idea what I'm talking about and you run a debian based distro, go update your OS now; before you read the rest of this email)

1. not happy that this completely unnecessary vulnerability was out there for more than a year without being found.
2. happy that it was found through reviews and analysis by project members rather than through my machines being compromised.
3. wondering what could have been done differently to prevent this.

Addressing #3; it would be nice to write a check to someone to go towards hiring one of the OpenSSL core developers to be the debian package maintainer; not sure who that would be or if that would even be the right solution (I seem to remember various circular firing squads forming up in debian over who did and did not get money for working on the project).

//good night

_______________________________________________
EUGLUG mailing list
euglug@euglug.org
http://www.euglug.org/mailman/listinfo/euglug