Excerpts from Brandon Allbery's message of 2014-04-10 21:24:15 +0200: > On Thu, Apr 10, 2014 at 3:17 PM, Stephan Fabel <sfa...@hawaii.edu> wrote: > > > Question: given this issue, would anyone recommend switching SSL > > libraries?What about PolarSSL, for example? > > > > Even with this issue, I think openssl gets more security attention than > most of the alternatives. Making sure you're not replacing a steel door you > found a hole in with a flimsy screen can be difficult; *nobody* can do it > by casual inspection in this case, like you could with the actual door. >
There was this (pretty sarcastic) keynote Poul-Henning Kamp[1] gave in an European conference a couple of months ago: http://video.fosdem.org/2014/Janson/Sunday/NSA_operation_ORCHESTRA_Annual_Status_Report.webm It's about critical infrastructure bits in the opensource ecosystem. I assume he knows better than me about the openssl project, and he seems to think it doesn't get the attention it deserves. Anyways, in the perspective of the recent events, I find his opinions good food for thoughts. Cheers, Marc [1] https://en.wikipedia.org/wiki/Poul-Henning_Kamp _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
