On 2014-04-09 09:01, Dag-Erling Smørgrav wrote:
Bryan Drewery <bdrew...@freebsd.org> writes:
Also, that this was a partial release of 1.0.1g is confusing a LOT of
users. They think they are still vulnerable. They expect to see 1.0.1g
in 'openssl version'. We could have our own version string in 'openssl
version' to remedy this.

This is no different from what other OSes do, e.g. RHEL6.5:

% cat /etc/redhat-release
Red Hat Enterprise Linux Workstation release 6.5 (Santiago)
% openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
% TZ=UTC rpm -qi openssl
Name        : openssl                      Relocations: (not relocatable)
Version     : 1.0.1e                            Vendor: Red Hat, Inc.
Release     : 16.el6_5.7                    Build Date: Mon 07 Apr 2014 11:34:45 AM UTC
Install Date: Tue 08 Apr 2014 05:18:52 AM UTC      Build Host: x86-027.build.eng.bos.redhat.com
[...]

which despite the version number and date is *not* vulnerable.

DES

Yes, you're right. We're not those projects though. And just because we
have "always" done something a certain way does not mean we must forever.

We released 2/3 of 1.0.1g to 10, 1/3 of it to previous releases. I do
recognize it was not officially 'g'. I am just giving feedback from
many confused users. Many of whom were just as confused on Debian
and CentOS as well.

I often think we forget the average user's perspective.

--
Regards,
Bryan Drewery
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
