Re: OT: Re: FYA: http://heartbleed.com/

2014-04-23 Thread Ralph Siegler
On Thu, 10 Apr 2014 03:44:26 +, Ralph W Siegler wrote: > Stuart Henderson spacehopper.org> writes: > > >> On 2014-04-09, sven falempin gmail.com> wrote: >> > i which this : https://polarssl.org was open and inside the base >> >> You can wish, but that is commercial+GPL code so OpenBSD can

Re: OT: Re: FYA: http://heartbleed.com/

2014-04-09 Thread noah pugsley
On Wed, Apr 9, 2014 at 10:25 PM, Theo de Raadt wrote: > > The problem with that as I see it is that people will complain about > > not being able to donate to a specific subset of the project. As > > with OpenSSH in the past and probably present. The same way many > > complained before the foundat

Re: OT: Re: FYA: http://heartbleed.com/

2014-04-09 Thread Theo de Raadt
> The problem with that as I see it is that people will complain about > not being able to donate to a specific subset of the project. As > with OpenSSH in the past and probably present. The same way many > complained before the foundation existed about paying Theo's power > bill and humble salary.

Re: OT: Re: FYA: http://heartbleed.com/

2014-04-09 Thread noah pugsley
On Wed, Apr 9, 2014 at 8:44 PM, Ralph W Siegler wrote: > Stuart Henderson spacehopper.org> writes: > > > > > On 2014-04-09, sven falempin gmail.com> wrote: > > > i which this : https://polarssl.org was open and inside the base > > > > You can wish, but that is commercial+GPL code so OpenBSD can'

Re: OT: Re: FYA: http://heartbleed.com/

2014-04-09 Thread Ralph W Siegler
Stuart Henderson spacehopper.org> writes: > > On 2014-04-09, sven falempin gmail.com> wrote: > > i which this : https://polarssl.org was open and inside the base > > You can wish, but that is commercial+GPL code so OpenBSD can't use it in base. What I would wish for is the OpenSSH project to

Re: OT: Re: FYA: http://heartbleed.com/

2014-04-09 Thread Stuart Henderson
On 2014-04-09, sven falempin wrote: > i which this : https://polarssl.org was open and inside the base You can wish, but that is commercial+GPL code so OpenBSD can't use it in base. https://en.wikipedia.org/wiki/Secure_Transport#Overview Though I wonder how many OpenSSL premium support customer

Re: OT: Re: FYA: http://heartbleed.com/

2014-04-08 Thread sven falempin
On Tue, Apr 8, 2014 at 9:05 PM, noah pugsley wrote: > On Tue, Apr 8, 2014 at 12:40 PM, Theo de Raadt >wrote: > > > > On Tue, Apr 08, 2014 at 15:09, Mike Small wrote: > > > > nobody writes: > > > > > > > >> "read overrun, so ASLR won't save you" > > > > > > > > What if malloc's "G" option were t

OT: Re: FYA: http://heartbleed.com/

2014-04-08 Thread noah pugsley
On Tue, Apr 8, 2014 at 12:40 PM, Theo de Raadt wrote: > > On Tue, Apr 08, 2014 at 15:09, Mike Small wrote: > > > nobody writes: > > > > > >> "read overrun, so ASLR won't save you" > > > > > > What if malloc's "G" option were turned on? You know, assuming the > > > subset of the worlds' programs y