Nathan Dorfman <n...@rtfm.net> writes: > Is it implausible to suggest that before embarking on the task of > backporting, reviewing, testing and releasing the actual fix, an > announcement could have been made immediately with the much simpler > workaround of adding -DOPENSSL_NO_HEARTBEATS to the OpenSSL compiler > flags?
No, that's not implausible, although I don't know whether that workaround was known at the time. It seems obvious in retrospect, but may not have been that obvious under pressure. Was it mentioned in the OpenSSL advisory? If all you wanted to hear was "we're working on it", well, Xin did write that almost on -security exactly 48 hours ago. DES -- Dag-Erling Smørgrav - d...@des.no _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
