That's a pretty bold statement and doesn't always apply in a product environment.
I have not deployed 1.0.0b (because of the pending issues); I'm still at 1.0.0a and have to decide whether to patch the vulnerabilities, or risk updating OpenSSL completely and retesting all of its consumers. Erik -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Victor Duchovni Sent: Thursday, December 02, 2010 6:09 PM [...] 1.0.0c contains important non-security bug fixes for 1.0.0b, so you should deploy 1.0.0c anyway. [...] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org