by bbwharris 4449 days ago
Look at it this way. If it was closed source, the fix would take longer, and the realization may have never come.

Honestly, seems like we are forgetting our roots on this. Dump it? Yeah and throw out years of stability and bug fixes. No thanks!

1 comments

Being widely used is a problem. Monoculture leads to exactly this kind of mass vulnerability.
"But crypto is hard! Don't roll your own", say everyone, ever.
By coincidence, I remembered someone pointing this out to the Go developers not too long ago, after he found out they did in fact roll their own:

https://groups.google.com/forum/#!searchin/golang-nuts/opens...

In light of the current issue it looks like the D guys did the right thing.

Standards are important. For all practical purposes OpenSSL has become a standard.

TCP can be exploited, it doesn't mean we ditch TCP for another differently exploitable solution.

I see your point but I don't think of OpenSSL as monoculture the same way that Windows or OSX are.

OpenSSL isn't a standard any more than winsock. And fortunately, OpenSSL isn't the only library that implements SSL.