by cperciva
6587 days ago
> You have two advisories for the same 0.9.7l get-ciphers vulnerability.

No, there's one advisory for the original vulnerability, and a second advisory for a new vulnerability which was added when OpenSSL shipped a broken patch (this one we didn't notice in time -- mea culpa).

> If you really think OpenSSL has a worse track record than Sendmail, assert it directly. I don't think you will.

Overall? No -- Sendmail had a horrible track record in the past. Recently? Yes, I would say that OpenSSL has a worse track record than Sendmail over the past 4 years.

> I think you've just provided some spectacularly bad advice to web devs here, Colin.

You're entitled to your opinion, of course, but I'd like to hear more details -- which bit in specific do you consider was bad advice?