From owner-freebsd-questions@FreeBSD.ORG Wed Apr 9 19:14:15 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C1634DB0 for ; Wed, 9 Apr 2014 19:14:15 +0000 (UTC) Received: from ozzie.tundraware.com (ozzie.tundraware.com [75.145.138.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "ozzie.tundraware.com", Issuer "ozzie.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 67E6A1313 for ; Wed, 9 Apr 2014 19:14:15 +0000 (UTC) Received: from [10.219.131.214] ([66.175.245.1]) (authenticated bits=0) by ozzie.tundraware.com (8.14.8/8.14.8) with ESMTP id s39JE4Iu052943 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Wed, 9 Apr 2014 14:14:05 -0500 (CDT) (envelope-from tundra@tundraware.com) Message-ID: <53459BF7.1050000@tundraware.com> Date: Wed, 09 Apr 2014 14:13:59 -0500 From: Tim Daneliuk User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: Thomas Hoffmann , FreeBSD Questions Subject: Re: Does openssl Fix Bump The Version Number? References: <53454EFA.3040207@tundraware.com> <53454F42.8070003@tundraware.com> <1397068357794-5902066.post@n5.nabble.com> <1397068585974-5902068.post@n5.nabble.com> <1397069093456-5902072.post@n5.nabble.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (ozzie.tundraware.com [75.145.138.73]); Wed, 09 Apr 2014 14:14:05 -0500 (CDT) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: s39JE4Iu052943 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No Cc: Jakub Lach X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Apr 2014 19:14:15 -0000 On 04/09/2014 01:53 PM, Thomas Hoffmann wrote: > On Wed, Apr 9, 2014 at 2:44 PM, Jakub Lach wrote: > >> Check the date of the produced binary or test for vulnerability >> on your own hand if paranoid. I've linked relevant changes in >> source code. >> > > Have a look at this thread: > http://docs.freebsd.org/cgi/getmsg.cgi?fetch=9476970+0+current/svn-src-head > To steal from our Python colleagues: Explicit is better than implicit. A patched piece of infrastructure of this importance should be obviously so to anyone who cares. In the course of my work I deal with many hundreds of servers (well over 1000 at this point) and having to figure out what REALLY is going on across Cent, FBSD, RHEL, SLES, AIX, Solaris .... is very painful and time consuming. I appreciate the fact that the FreeBSD maintainers are volunteers and I'm not diminishing their hard work here, but we do position FreeBSD as an enterprise server class environment .... 'just sayin' ... -- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/