Proposal

[Dag-Erling Smørgrav]

Nathan Dorfman <na at rtfm.net> writes:
> Is it implausible to suggest that before embarking on the task of
> backporting, reviewing, testing and releasing the actual fix, an
> announcement could have been made immediately with the much simpler
> workaround of adding -DOPENSSL_NO_HEARTBEATS to the OpenSSL compiler
> flags?

No, that's not implausible, although I don't know whether that
workaround was known at the time.  It seems obvious in retrospect, but
may not have been that obvious under pressure.  Was it mentioned in the
OpenSSL advisory?

If all you wanted to hear was "we're working on it", well, Xin did write
that almost on -security exactly 48 hours ago.

DES
-- 
Dag-Erling Smørgrav - des at des.no