[Eug-lug] the debian openssl debacle
JimKahn12 at cleawire.net
JimKahn12 at clearwire.net
Wed May 14 08:52:21 PDT 2008
Ubuntu 7.10 had ssl/ssh updates yesterday and today. Who knows about
tomorrow.
Jim K
larry price wrote:
> So I've just finished upgrading all the various debian and ubuntu
> boxes I control, and am about .75 done with the rekeying work that
> goes with.
>
> (if you have no idea what I'm talking about and you run a debian based
> distro, go update your OS now; before you read the rest of this email)
>
> 1. not happy that this completely unnecessary vulnerability was out
> there for more than a year without being found.
>
> 2. happy that it was found through reviews and analysis by project
> members rather than through my machines being compromised.
>
> 3. wondering what could have been done differently to prevent this.
>
> Addressing #3; it would be nice to write a check to someone to go
> towards hiring one of the OpenSSL core developers to be the debian
> package maintainer; not sure who that would be or if that would even
> be the right solution (I seem to remember various circular firing
> squads forming up in debian over who did and did not get money for
> working on the project).
>
> //good night
> _______________________________________________
> EUGLUG mailing list
> euglug at euglug.org
> http://www.euglug.org/mailman/listinfo/euglug