Y
Hacker News
new
|
ask
|
show
|
jobs
by
clarry
4106 days ago
So 4 out of 14 needed fixing in -current, while the rest were either already fixed or not relevant to libressl. It would be interesting to know who fixed the ones that were fixed already, and when.
2 comments
vog
4106 days ago
I guess that most of these were "fixed" by simply throwing away lots of garbage code from OpenSSL during the evolution of LibreSSL.
link
InclinedPlane
4106 days ago
Don't undersell that man, priority zero in security is reducing the threat surface.
link
oskarth
4106 days ago
There are no quotation marks about it; it still counts.
link
vog
4106 days ago
You may be interested in the experience report of Ted Unangst about fixing security issues in OpenBSD:
http://www.tedunangst.com/flak/post/making-security-sausage
link