[conradk]

Since Chromium is open source, you can contribute to the project. I'm sure if you send a quality patch to the Chromium dev team to fix Logjam, they'd be willing to review it.

Did you try to contribute to Chromium and Firefox to speed up fixing the Logjam issue ?

[ikeboy]

>Did you try to contribute to Chromium and Firefox to speed up fixing the Logjam issue?

No. The issue isn't that it's (so) hard to fix; the fix in 39 has been out for a while, they just didn't want to release it for the stable release, which means few people got it. (In fact, some distros apparently fixed their versions earlier [1]).

On Firefox, you could manually fix it in 2 minutes [2]

I'm not familiar with the codebases, so it would take me longer to make a patch, but it really should not take 2 months to release to stable a fix that affected 8.4% [3] of popular websites, especially for a company like Google.

The tinfoil hat in me says certain things about this, considering that logjam was likely known by the NSA, but then again I can't prove anything.

I'm a bit surprised there hasn't been more talk about this, actually. A major security hole going unfixed for months after public disclosure should have had more chatter.

[1] https://news.ycombinator.com/item?id=9702061 [2] http://techdows.com/2015/05/how-to-make-firefox-browser-safe... [3] https://weakdh.org/

[JupiterMoon]

Why should one provide a patch for Google's browser. Google are rich they can do it themselves? The day that Chrome is a verified build of Chromium with all the Google centric stuff as optional add ons is the day sending Chromium patches makes sense.