43:["$","div",null,{"className":"px-4","children":[["$","h2",null,{"className":"mb-4 text-sm font-medium text-balance text-muted-foreground tabular-nums","children":[0," comments"]}],["$","$L45",null,{"comments":[{"item":{"id":7818543,"type":"comment","by":"Alupis","time":1401396911,"title":"$undefined","url":"$undefined","text":"There is no doubt that is the intention.

The doubt is whether or not it is a good call to fork openssl instead of attempting to get changes into upstream that fix it and make it better, safer, more reliable.","score":"$undefined","descendants":"$undefined","kids":[7819092,7818797],"parent":7818386,"dead":"$undefined","deleted":"$undefined"},"children":[{"item":{"id":7819092,"type":"comment","by":"protomyth","time":1401403421,"title":"$undefined","url":"$undefined","text":"Well, one of the bugs that got fixed in LibreSSL was reported to OpenSSL with a patch which was not applied. If they ignore that stuff, then you have to fork.

http://www.openbsd.org/papers/bsdcan14-libressl/mgp00008.htm...","score":"$undefined","descendants":"$undefined","kids":"$undefined","parent":7818543,"dead":"$undefined","deleted":"$undefined"},"children":[]},{"item":{"id":7818797,"type":"comment","by":"sigzero","time":1401400078,"title":"$undefined","url":"$undefined","text":"Are we talking about OpenSSL that had bugs languishing for years? Yeah, good luck with that one. LibreSSL was the way to go and the OpenBSD folks are the ones I trust to do it.","score":"$undefined","descendants":"$undefined","kids":[7819158],"parent":7818543,"dead":"$undefined","deleted":"$undefined"},"children":[{"item":{"id":7819158,"type":"comment","by":"Alupis","time":1401404404,"title":"$undefined","url":"$undefined","text":"Yup, just like all these OpenSSH bugs:

https://bugzilla.mindrot.org/buglist.cgi?bug_status=__open__...

Fork it now!

~~~

Seriously, stop buying into all the hype generated by heartbleed. Things will simmer down, and it's doubtful libressl will replace openssl anytime in the next 5 years as the standard default ssl lib for many things.

I do not buy into OpenSSL devs not wanting bugfixes.

Where are the public rejections/closures of submitted fixes? There aren't any. There are just assumptions that they wont take certain patches, or submitted patches waiting for review (how about you jump in and help review?).","score":"$undefined","descendants":"$undefined","kids":"$undefined","parent":7818797,"dead":"$undefined","deleted":"$undefined"},"children":[]}]}]}],"op":"lomnakkus"}]]}]

0 comments

0 comments