First Release of LibreSSL Portable Available
First Release of LibreSSL Portable Available
Posted Jul 15, 2014 16:41 UTC (Tue) by moltonel (subscriber, #45207)In reply to: First Release of LibreSSL Portable Available by roblucid
Parent article: First Release of LibreSSL Portable Available
My impression is, you overestimate the feasability of fixing OpenSSL without breaking binary compatibility :p You can only do so much while keeping compatibility. Some bugs are exposed in the API itself; fixing them requires changing the API and breaking compatibility. Not fixing something because it'd break compatibility is a recipe for the next blockbuster security flaw.
As annoying as it is for sysadmins and downstream projects, they won't get better security without some porting efforts.
Posted Jul 16, 2014 9:55 UTC (Wed)
by roblucid (guest, #48964)
[Link]
There's a balance to be struck, I agree with what you are saying here and don't expect a bug for bug binary compatibility, but am sceptical about the useful results and effects of the approach taken by this fork.
First Release of LibreSSL Portable Available