Date: Wed, 09 Apr 2014 22:12:29 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Nathan Dorfman <na@rtfm.net> Cc: freebsd-security@freebsd.org, Kimmo Paasiala <kpaasial@icloud.com>, Walter Hop <freebsd@spam.lifeforms.nl>, Pawel Biernacki <pawel.biernacki@gmail.com> Subject: Re: Proposal Message-ID: <86d2gqz2he.fsf@nine.des.no> In-Reply-To: <CADgEyUstkxO1i_B9Qsw=K9qT=nrh9evhv8VekMdNKauOQFN6dg@mail.gmail.com> (Nathan Dorfman's message of "Wed, 9 Apr 2014 15:44:53 -0400") References: <9eeba1ab-2ab0-4188-82aa-686c5573a5db@me.com> <8D81F198-36A7-47F4-B486-DA059910A6B4@spam.lifeforms.nl> <867g6y1kfe.fsf@nine.des.no> <CADgEyUstkxO1i_B9Qsw=K9qT=nrh9evhv8VekMdNKauOQFN6dg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Nathan Dorfman <na@rtfm.net> writes: > Is it implausible to suggest that before embarking on the task of > backporting, reviewing, testing and releasing the actual fix, an > announcement could have been made immediately with the much simpler > workaround of adding -DOPENSSL_NO_HEARTBEATS to the OpenSSL compiler > flags? No, that's not implausible, although I don't know whether that workaround was known at the time. It seems obvious in retrospect, but may not have been that obvious under pressure. Was it mentioned in the OpenSSL advisory? If all you wanted to hear was "we're working on it", well, Xin did write that almost on -security exactly 48 hours ago. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86d2gqz2he.fsf>