Date: Fri, 15 May 2015 11:34:33 -0700 (PDT) From: Roger Marquis <marquis@roble.com> To: freebsd-security@freebsd.org Subject: Re: Forums.FreeBSD.org - SSL Issue? In-Reply-To: <1431705766.3563083.269738569.0FA82C3E@webmail.messagingengine.com> References: <CACRVPYOALi-V8D34zeJTYdSwHshYrqtttqVV3=aP8Yb6ZAxfyg@mail.gmail.com> <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com> <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net> <20150514193706.V69409@sola.nimnet.asn.au> <F2460C80-969A-46DF-A44F-6C3D381ABDC3@patpro.net> <5554879D.7060601@obluda.cz> <1431697272.3528812.269632617.29548DB0@webmail.messagingengine.com> <20150515152220.C0CC7689@hub.freebsd.org> <1431705766.3563083.269738569.0FA82C3E@webmail.messagingengine.com>
| previous in thread | raw e-mail | index | archive | help
Mark Felder wrote: >> Another option is a second openssl port, one that overwrites base and >> guarantees compatibility with RELEASE. Then we could at least have all >> versions of openssl in vuln.xml (not that that's been a reliable >> indicator of security of late). >> > > This will never work. You can't guarantee compatibility with RELEASE and > upgrade it too. How do you figure? RedHat does exactly that with every backport, and they do it for the life of a release. Roger
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?>