svn commit: r264265 - in head: crypto/openssl/crypto/bn crypto/openssl/crypto/ec crypto/openssl/ssl sys/fs/nfsserver
bdrewery at FreeBSD.org
Wed Apr 9 18:07:36 UTC 2014
On 2014-04-09 09:01, Dag-Erling Smørgrav wrote:
> Bryan Drewery <bdrewery at FreeBSD.org> writes:
>> Also, that this was a partial release of 1.0.1g is confusing a LOT of
>> users. They think they are still vulnerable. They expect to see 1.0.1g
>> in 'openssl version'. We could have our own version string in 'openssl
>> version' to remedy this.
> This is no different from what other OSes do, e.g. RHEL6.5:
> % cat /etc/redhat-release
> Red Hat Enterprise Linux Workstation release 6.5 (Santiago)
> % openssl version
> OpenSSL 1.0.1e-fips 11 Feb 2013
> % TZ=UTC rpm -qi openssl
> Name : openssl Relocations: (not
> Version : 1.0.1e Vendor: Red Hat, Inc.
> Release : 16.el6_5.7 Build Date: Mon 07 Apr
> 2014 11:34:45 AM UTC
> Install Date: Tue 08 Apr 2014 05:18:52 AM UTC Build Host:
> which despite the version number and date is *not* vulnerable.
Yes you're right. We're not those projects though. And just because we
have "always" done something a certain way does not mean we must
We released 2/3 of 1.0.1g to 10, 1/3 of it to previous releases. I do
recognize it was not officially 'g'. I am just giving feedback from
many confused users. Many of which were just as confused on Debian
and CentOS as well.
I often think we forget the average user's perspective.
More information about the svn-src-head