From: Dag-Erling Smørgrav <des@des.no>
To: Nathan Dorfman
Cc: freebsd-security@freebsd.org, Kimmo Paasiala, Walter Hop, Pawel Biernacki
Subject: Re: Proposal
Date: Wed, 09 Apr 2014 22:12:29 +0200
Message-ID: <86d2gqz2he.fsf@nine.des.no>
In-Reply-To: (Nathan Dorfman's message of "Wed, 9 Apr 2014 15:44:53 -0400")
References: <9eeba1ab-2ab0-4188-82aa-686c5573a5db@me.com> <8D81F198-36A7-47F4-B486-DA059910A6B4@spam.lifeforms.nl> <867g6y1kfe.fsf@nine.des.no>
List: freebsd-security "Security issues [members-only posting]"

Nathan Dorfman writes:
> Is it implausible to suggest that before embarking on the task of
> backporting, reviewing, testing and releasing the actual fix, an
> announcement could have been made immediately with the much simpler
> workaround of adding -DOPENSSL_NO_HEARTBEATS to the OpenSSL compiler
> flags?
No, that's not implausible, although I don't know whether that workaround
was known at the time. It seems obvious in retrospect, but may not have
been that obvious under pressure. Was it mentioned in the OpenSSL
advisory?

If all you wanted to hear was "we're working on it", well, Xin did write
that on -security almost exactly 48 hours ago.

DES
-- 
Dag-Erling Smørgrav - des@des.no
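The thread contrasts two responses to the OpenSSL heartbeat bug: the quick workaround of building with -DOPENSSL_NO_HEARTBEATS, and "the actual fix". The following is an added illustration, not code from this thread and not OpenSSL's own code: a small stand-alone model of a TLS heartbeat responder following the RFC 6520 message layout (1-byte type, 2-byte big-endian payload length, payload, at least 16 bytes of padding). The `#ifdef OPENSSL_NO_HEARTBEATS` block shows what the compile flag does, namely remove the handler entirely, while the length check against the received record length shows what the released fix added instead. The two sample records, function names and the `hb_result` codes are constructed for this example.

```c
/* Added example: model of TLS heartbeat handling (RFC 6520 layout) showing
 * what -DOPENSSL_NO_HEARTBEATS removes versus what the bounds-check fix does.
 * Not OpenSSL code; names and sample records are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_MIN_PADDING 16   /* RFC 6520: padding of at least 16 bytes */

enum hb_result { HB_OK = 0, HB_DISABLED, HB_DISCARD, HB_NO_SPACE };

static size_t hb_payload_len(const uint8_t *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Build the response to one heartbeat record of rec_len bytes into out.
 * With OPENSSL_NO_HEARTBEATS defined the whole handler is compiled out and
 * every heartbeat record is dropped; that is the effect of the -D workaround.
 * Without it, the record is only answered if the claimed payload length,
 * plus header and minimum padding, fits inside the bytes actually received. */
int process_heartbeat(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap, size_t *out_len)
{
    *out_len = 0;
#ifdef OPENSSL_NO_HEARTBEATS
    (void)rec; (void)rec_len; (void)out; (void)out_cap;
    return HB_DISABLED;
#else
    if (rec_len < 1 + 2 + HB_MIN_PADDING)          /* too short to be valid */
        return HB_DISCARD;
    size_t payload = hb_payload_len(rec);
    if (1 + 2 + payload + HB_MIN_PADDING > rec_len) /* the missing check in the bug */
        return HB_DISCARD;
    if (rec[0] != HB_REQUEST)                       /* responses are not echoed */
        return HB_OK;
    size_t resp_len = 1 + 2 + payload + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return HB_NO_SPACE;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);              /* echo exactly what was sent */
    memset(out + 3 + payload, 0, HB_MIN_PADDING);   /* random in OpenSSL, zero here */
    *out_len = resp_len;
    return HB_OK;
#endif
}

/* How many bytes beyond the record an unchecked echo of the claimed payload
 * would read: claimed length minus payload bytes actually present. */
size_t heartbeat_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 3)
        return 0;
    size_t claimed = hb_payload_len(rec);
    size_t present = rec_len - 3;
    return claimed > present ? claimed - present : 0;
}

/* Constructed sample records: 1 type + 2 length + 4 payload + 16 padding. */
#define HB_SAMPLE_LEN 23
static const uint8_t honest_req[HB_SAMPLE_LEN] =
    { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g',
      0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
static const uint8_t malicious_req[HB_SAMPLE_LEN] =
    { HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g',   /* claims 65535 bytes */
      0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };

int demo_honest(void)
{
    uint8_t out[64];
    size_t n;
    int r = process_heartbeat(honest_req, HB_SAMPLE_LEN, out, sizeof out, &n);
    if (r == HB_OK && (n != HB_SAMPLE_LEN || out[0] != HB_RESPONSE ||
                       memcmp(out + 3, "ping", 4) != 0))
        return -1;                                  /* malformed response */
    return r;
}

int demo_malicious(void)
{
    uint8_t out[64];
    size_t n;
    return process_heartbeat(malicious_req, HB_SAMPLE_LEN, out, sizeof out, &n);
}

size_t demo_malicious_overread(void)
{
    return heartbeat_overread(malicious_req, HB_SAMPLE_LEN);
}

int main(void)
{
    printf("honest request:    result %d\n", demo_honest());
    printf("malicious request: result %d, unchecked over-read %zu bytes\n",
           demo_malicious(), demo_malicious_overread());
    return 0;
}
```

Compile once as `cc heartbeat.c` and once as `cc -DOPENSSL_NO_HEARTBEATS heartbeat.c`: the first answers the honest record and discards the one claiming 65535 bytes, the second returns HB_DISABLED for both, which is why the flag was a usable stopgap until a reviewed fix could be shipped.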