Date: Fri, 19 Nov 2010 14:54:24 -0600 (CST) From: Robert Bonomi <bonomi@mail.r-bonomi.com> To: freebsd-questions@freebsd.org, nr1c0re@gmail.com Subject: Re: openssl version - how to verify Message-ID: <201011192054.oAJKsOPk011590@mail.r-bonomi.com>
next in thread | raw e-mail | index | archive | help
> From owner-freebsd-questions@freebsd.org Mon Nov 15 09:38:53 2010 > Date: Mon, 15 Nov 2010 18:40:27 +0300 > From: c0re <nr1c0re@gmail.com> > To: FreeBSD <freebsd-questions@freebsd.org> > Subject: Re: openssl version - how to verify > > 2010/11/15 Jerry <freebsd.user@seibercom.net>: > There are still too many broken ports with openssl from ports, I do > not like debug it and really like to use base openssl, almost no > difference. > But I just want to have some proves that base system openssl has > security patches because 7.3-RELEASE base openssl is 0.9.8e, but > 0.9.8e has got security vulnerabilities. But how can I be sure that > freebsd base system with 0.9.8e version does not have any > vulnerabilities? _authoritative_ answer: You _cannot_. Statement rationale: "The number of discovered bugs in any system is a finite number. The number of _UNDISCOVERED_ bugs, on the other hand, is an infinite one. By definition."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201011192054.oAJKsOPk011590>