[openssl-users] [openssl-announce] OpenSSL Security Advisory
noloader at gmail.com
Mon Jul 13 00:36:59 UTC 2015
>>> In fact, I thought that was the reason we all
>>> had to wait ages before this long standing shortcoming
>>> was fixed.
>> It almost sound like you are complaining you did not have to wait ages :)
> It's the inconsistency of first insisting this cannot go
> into a patch and then pushing out a broken implementation
> inside a patch which was only supposed to fix security
> and build issues.
OK.. so that's a legitimate gripe.
OpenSSL has opportunities for improvements in their testing and
release process. There is ***absolutely no reason**** a patch should
not be tested before being released. Its been a chronic problem with
For what its worth, I've given up on the Testing Group
meaningful change came from it. The devs are still undisciplined in
this area, and they still do what they want.
More information about the openssl-users