[openssl-users] [openssl-announce] OpenSSL Security Advisory

Jeffrey Walton noloader at gmail.com
Mon Jul 13 00:36:59 UTC 2015

>>> In fact, I thought that was the reason we all
>>> had to wait ages before this long standing shortcoming
>>> was fixed.
>> It almost sound like you are complaining you did not have to wait ages :)
> It's the inconsistency of first insisting this cannot go
> into a patch and then pushing out a broken implementation
> inside a patch which was only supposed to fix security
> and build issues.

OK.. so that's a legitimate gripe.

OpenSSL has opportunities for improvements in their testing and
release process. There is ***absolutely no reason**** a patch should
not be tested before being released. Its been a chronic problem with
the project.

For what its worth, I've given up on the Testing Group
(https://groups.google.com/forum/#!forum/openssl-testing). No
meaningful change came from it. The devs are still undisciplined in
this area, and they still do what they want.


More information about the openssl-users mailing list