Date: Wed, 11 Jun 2014 15:56:51 +0200
From: Dan Lukes <dan@obluda.cz>
To: Ben Laurie <ben@links.org>
Cc: freebsd-security <freebsd-security@freebsd.org>
Subject: Re: OpenSSL end of life
Message-ID: <53986023.7050203@obluda.cz>
In-Reply-To: <CAG5KPzxQm1ayF=p5pAsttHvxoAOFvNTvxhe6AS-auX27mxdywg@mail.gmail.com>
References: <CAG5KPzyYzcu0qF9m2Fjgh7tTC=RrSMpxzHiDX5zD8_U_aB8k2A@mail.gmail.com> <5398482C.7020406@obluda.cz> <CAG5KPzxQm1ayF=p5pAsttHvxoAOFvNTvxhe6AS-auX27mxdywg@mail.gmail.com>

On 06/11/14 15:00, Ben Laurie:
>> What about the ongoing FreeBSD 9.3 release? According to tradition, its EOL
>> should occur two years past release. But what will we do if the embedded version
>> of OpenSSL becomes unsupported just this winter?
>
> I don't know - for a start, just because the OpenSSL team don't
> support it, that doesn't mean others can't backport fixes.

Sorry, I missed this.

Yes, it's a solution as well. I'm familiar with it. I'm backporting the newest FreeBSD SA and EN into FreeBSD 8.3-R despite its declared EOL.

But such an approach has a big "marketing" drawback. If there are published announcements like OpenSSL version a.b.c is obsolete, unsupported, unsafe and dangerous, then it's hard to offer a system based on it, despite promises that YOUR particular incarnation of openssl a.b.c is patched and safe.

But yes, it's a solution.

Dan