On 9 Apr 2014, at 15:19, Kubilay Kocak <koobs.free...@gmail.com> wrote:
> That expectation is orthogonal to whether we or other projects do it one
> way or another. RHEL users may well be as confused as ours (whether or
> not ours are). It may be relevant as a data point, but not for decision
> making.

I can confirm that, as a user (albeit a slightly sleep-deprived one at the time), I was confused. I believe that I'm now running the correct version, as my libssl.so has a creation date of yesterday, but I don't have a good way of verifying it.

It would be great for future security advisories to have a 'how to tell if you're affected' and 'how to tell if you're patched' section.

I noticed that freebsd-update told me (after the fetch phase) that I should rebuild all third-party software. I have been following the instructions that we give to users and not building most software on that machine myself. I don't know if there are any packages that statically link to libssl.a (or even if we have a mechanism for determining that), but I'd hope that these would get separate VuXML reports for pkg audit to pick up.

David

_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"