|
|
Subscribe / Log in / New account

Security

Security

Posted Sep 2, 2014 17:17 UTC (Tue) by rich0 (guest, #55509)
In reply to: Security by Wol
Parent article: Poettering: Revisiting how we put together Linux systems

So, I run Gentoo, but I'm not sure I buy that argument. In this case the bug only occurred if TLS heartbeat was enabled. What if next time a bug only occurs if something you might not think you need is disabled?

I think you just got lucky, and running USE=-* has its own issues.

to post comments

Security

Posted Sep 2, 2014 18:29 UTC (Tue) by Wol (subscriber, #4433) [Link]

Well, I gather one of the BIG reasons heartbleed was such a disaster was

(a) most people had it switched on
(b) most people weren't using it

That's a recipe for minimal testing and maximal problems.

Your scenario is where most people need the functionality, so I'm in a minority of not wanting or needing. I don't think that is anywhere near as likely (although I could be wrong ...)

Cheers,
Wol

Security

Posted Sep 4, 2014 19:30 UTC (Thu) by NightMonkey (subscriber, #23051) [Link]

Gentoo would at least have given you a chance to disable the offending subcomponent (in a managed way), had a fix from the OpenSSL camp not come quickly enough.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds