Date: Fri, 19 Nov 2010 14:54:24 -0600 (CST) From: Robert Bonomi <bonomi@mail.r-bonomi.com> To: freebsd-questions@freebsd.org, nr1c0re@gmail.com Subject: Re: openssl version - how to verify Message-ID: <201011192054.oAJKsOPk011590@mail.r-bonomi.com>
next in thread | raw e-mail | index | archive | help
> From owner-freebsd-questions@freebsd.org Mon Nov 15 09:38:53 2010
> Date: Mon, 15 Nov 2010 18:40:27 +0300
> From: c0re <nr1c0re@gmail.com>
> To: FreeBSD <freebsd-questions@freebsd.org>
> Subject: Re: openssl version - how to verify
>
> 2010/11/15 Jerry <freebsd.user@seibercom.net>:
> There are still too many broken ports with openssl from ports, I do
> not like debug it and really like to use base openssl, almost no
> difference.
> But I just want to have some proves that base system openssl has
> security patches because 7.3-RELEASE base openssl is 0.9.8e, but
> 0.9.8e has got security vulnerabilities. But how can I be sure that
> freebsd base system with 0.9.8e version does not have any
> vulnerabilities?
_authoritative_ answer: You _cannot_.
Statement rationale:
"The number of discovered bugs in any system is a finite number.
The number of _UNDISCOVERED_ bugs, on the other hand, is an infinite one.
By definition."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201011192054.oAJKsOPk011590>