Agreed as well..
On 7-6-2012 11:42, Adriaan de Jong wrote:
>> -----Original Message-----
>> From: Frank de Brabander [mailto:braban...@fox-it.com]
>> Sent: donderdag 7 juni 2012 11:36
>> To: Samuli Seppänen; openvpn-devel@lists.sourceforge.net
>> Subject: Re: [Openvpn-devel] PolarSSL 1.1.0 support?
>>
>> Maybe this should actually be changed to >= 1.1.2, since there is a
>> security issue with versions from 0.99-pre4 up to and including
>> PolarSSL 1.1.1.
>>
> The trouble there is that some distro's tend to only backport the security
> patches, and not the version patches. This would throw an extra obstacle in
> their way. Is it really our responsibility to verify that you are using a
> secure version of an SSL library?
>
> Adriaan
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
