From owner-freebsd-security@FreeBSD.ORG Thu Apr 24 09:32:06 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B684B945 for ; Thu, 24 Apr 2014 09:32:06 +0000 (UTC) Received: from outgoing.tristatelogic.com (segfault.tristatelogic.com [69.62.255.118]) by mx1.freebsd.org (Postfix) with ESMTP id 97E3A1FD0 for ; Thu, 24 Apr 2014 09:32:05 +0000 (UTC) Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1]) by segfault.tristatelogic.com (Postfix) with ESMTP id 546AD3AE82 for ; Thu, 24 Apr 2014 02:31:56 -0700 (PDT) From: "Ronald F. Guilmette" To: freebsd-security@freebsd.org Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole? In-Reply-To: Date: Thu, 24 Apr 2014 02:31:56 -0700 Message-ID: <22727.1398331916@server1.tristatelogic.com> X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Apr 2014 09:32:06 -0000 In message Ben Laurie wrote: >So where are your patches to fix these issues? Moi? Sorry. I'm confused. Was there something (anything) in or amongst the comments I made have could have been construed or interpreted to indicate that I personally was able to devote time to bugfixing on these specific packages? And more to the point, didn't I explicitly note that the OpenBSD dudes are... according to published reports... already laboring away on a slimed down and reorganized version of OpenSSL? Why would I or anyone else want to spend (waste?) time hacking on this until those guys release a new, improved and altogether svelte new version? Regards, rfg