From owner-svn-src-all@FreeBSD.ORG Wed Apr 9 18:07:30 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2D962216 for ; Wed, 9 Apr 2014 18:07:30 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E6E691A57 for ; Wed, 9 Apr 2014 18:07:29 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s39I7TpX085123 for ; Wed, 9 Apr 2014 18:07:29 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s39I7TZj085122 for svn-src-all@freebsd.org; Wed, 9 Apr 2014 18:07:29 GMT (envelope-from bdrewery) Received: (qmail 74556 invoked from network); 9 Apr 2014 13:07:26 -0500 Received: from unknown (HELO roundcube.xk42.net) (10.10.5.5) by sweb.xzibition.com with SMTP; 9 Apr 2014 13:07:26 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Wed, 09 Apr 2014 13:07:26 -0500 From: Bryan Drewery To: =?UTF-8?Q?Dag-Erling_Sm=C3=B8rgrav?= Subject: Re: svn commit: r264265 - in head: crypto/openssl/crypto/bn crypto/openssl/crypto/ec crypto/openssl/ssl sys/fs/nfsserver Organization: FreeBSD In-Reply-To: <86bnwa7gav.fsf@nine.des.no> References: <201404081827.s38IRXiL048987@svn.freebsd.org> <86bnwa7gav.fsf@nine.des.no> Message-ID: <8a794955e9b58cba3f1712f235fdd9e8@shatow.net> X-Sender: bdrewery@FreeBSD.org User-Agent: Roundcube Webmail/0.9.5 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Xin LI , secteam@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Apr 2014 18:07:30 -0000 On 2014-04-09 09:01, Dag-Erling Smørgrav wrote: > Bryan Drewery writes: >> Also, that this was a partial release of 1.0.1g is confusing a LOT of >> users. They think they are still vulnerable. They expect to see 1.0.1g >> in 'openssl version'. We could have our own version string in 'openssl >> version' to remedy this. > > This is no different from what other OSes do, e.g. RHEL6.5: > > % cat /etc/redhat-release > Red Hat Enterprise Linux Workstation release 6.5 (Santiago) > % openssl version > OpenSSL 1.0.1e-fips 11 Feb 2013 > % TZ=UTC rpm -qi openssl > Name : openssl Relocations: (not > relocatable) > Version : 1.0.1e Vendor: Red Hat, Inc. > Release : 16.el6_5.7 Build Date: Mon 07 Apr > 2014 11:34:45 AM UTC > Install Date: Tue 08 Apr 2014 05:18:52 AM UTC Build Host: > x86-027.build.eng.bos.redhat.com > [...] > > which despite the version number and date is *not* vulnerable. > > DES Yes you're right. We're not those projects though. And just because we have "always" done something a certain way does not mean we must forever. We released 2/3 of 1.0.1g to 10, 1/3 of it to previous releases. I do recognize it was not officially 'g'. I am just giving feedback from many confused users. Many of which were just as confused on Debian and CentOS as well. I often think we forget the average user's perspective. -- Regards, Bryan Drewery