[openssl-users] [openssl-announce] OpenSSL Security Advisory
Jeffrey Walton
noloader at gmail.com
Mon Jul 13 00:36:59 UTC 2015
>>> In fact, I thought that was the reason we all
>>> had to wait ages before this long standing shortcoming
>>> was fixed.
>>
>> It almost sound like you are complaining you did not have to wait ages :)
>
> It's the inconsistency of first insisting this cannot go
> into a patch and then pushing out a broken implementation
> inside a patch which was only supposed to fix security
> and build issues.
OK.. so that's a legitimate gripe.
OpenSSL has opportunities for improvements in their testing and
release process. There is ***absolutely no reason**** a patch should
not be tested before being released. Its been a chronic problem with
the project.
For what its worth, I've given up on the Testing Group
(https://groups.google.com/forum/#!forum/openssl-testing). No
meaningful change came from it. The devs are still undisciplined in
this area, and they still do what they want.
Jeff
More information about the openssl-users
mailing list