openssl version - how to verify
Robert Bonomi
bonomi at mail.r-bonomi.com
Fri Nov 19 20:56:34 UTC 2010
> From owner-freebsd-questions at freebsd.org Mon Nov 15 09:38:53 2010
> Date: Mon, 15 Nov 2010 18:40:27 +0300
> From: c0re <nr1c0re at gmail.com>
> To: FreeBSD <freebsd-questions at freebsd.org>
> Subject: Re: openssl version - how to verify
>
> 2010/11/15 Jerry <freebsd.user at seibercom.net>:
> There are still too many broken ports with openssl from ports, I do
> not like debug it and really like to use base openssl, almost no
> difference.
> But I just want to have some proves that base system openssl has
> security patches because 7.3-RELEASE base openssl is 0.9.8e, but
> 0.9.8e has got security vulnerabilities. But how can I be sure that
> freebsd base system with 0.9.8e version does not have any
> vulnerabilities?
_authoritative_ answer: You _cannot_.
Statement rationale:
"The number of discovered bugs in any system is a finite number.
The number of _UNDISCOVERED_ bugs, on the other hand, is an infinite one.
By definition."
More information about the freebsd-questions
mailing list