True that’s possible, except that it only applies if customers actually install a corrected older version that we make available. We can pour the clean water but can’t make the customer drink it; he might still be drinking the dirty water.
Thanks for that suggestion. Dave +-+-+-+-+-+-+-+-+- Dave McLellan, VMAX Software Engineering, EMC Corporation, 176 South St. Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749 Office: 508-249-1257, Mobile: 978-500-2546, dave.mclel...@emc.com<mailto:dave.mclel...@emc.com> +-+-+-+-+-+-+-+-+- From: Alan Buxey [mailto:a.l.m.bu...@lboro.ac.uk] Sent: Tuesday, April 08, 2014 2:00 PM To: openssl-users@openssl.org; mclellan, dave Subject: Re: CVE 2014-0160 -- disabling the heartbeat ...or take the upstream fix...apply to your older version and keep the heartbeat functionality. Which is what I believe the very latest redhat/centos patches do Alan
