[openssl-dev] [openssl.org #4589] Resolved: simplifying writing code that is 1.0.x and 1.1.x compatible

Hubert Kario via RT rt at openssl.org
Wed Jun 29 10:49:03 UTC 2016


On Tuesday 28 June 2016 18:03:39 Salz, Rich via RT wrote:
> > what about Debian CVE-2008-0166 like scenario?
> 
> So far that kind of thing seems unlikely, but maybe I'm
> missing the point you're trying to make?

Even if unlikely, it would make me sleep better at night knowing that
at least one of the core developers did take a look at it.

I mean, sure, the same code will need to be written by application
developers wanting compatibility and it will not be reviewed by OpenSSL
developers, but there's a difference between a few applications using
bad code and all applications that want backwards API compatibility
using bad code.
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4589
Please log in as guest with password guest if prompted
