Re[2]: About the openssl hole

From: Gabriel Ambuehl (gabriel_ambuehl@buz.ch)
Date: 07/30/02 

Date: Tue, 30 Jul 2002 18:37:01 +0200
From: Gabriel Ambuehl <gabriel_ambuehl@buz.ch>
To: Geir Råness <pulz@pulz.no>

-----BEGIN PGP SIGNED MESSAGE-----

Hello Geir,

Tuesday, July 30, 2002, 6:26:05 PM, you wrote:

> I cant do that, but you could easy edit the old port your self and
fix it that way.

Well I tried to do that... It's just that openssl.org is practically
down (you know what I mean...) and thus I was pretty much out of luck

> It's your own choice what to do, if you want to risk it do so.

I would have risked it (in any case, it's still better to kill SSL
services myself trying to defend from the blackhats than having the
blackhats destroying everything...)

> If not, wait for the freebsd team to make an patch for us.

That's more or less what I'm doing now.

> If you take a quick look at the current branch you will se that
> the openssl is changed to 0.9.6.e, but as we know, current branch
aint so stable.

I'll have another shot at current once the TrustedBSD stuff is in
cause I really want to have ACLs ASAP but running it in production is
entirely out of question right now.

Best regards,
 Gabriel

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2i

iQEVAwUBPUayoMZa2WpymlDxAQHS2wf9GgUFkA3eI2rSJlKYynsnzisode50bYdW
TINnOJW/8mYYUBTiIXDLYZ6Xt+ZZhu+0LzlCQcu9XvgHnxsabDztUYAdGt/XCmde
BAUysjmfoRR9FlUEjK9brovds/LKiKODoBSmN2LUSnPDUm0V0ojJbezfQPiRIEmc
yHa4cKxWJoMq4gRNRTOCLr2rwVe78rbK1xw3ICe+Z0cDUzJX8VzZijKfzY39aZ9L
OPSMdLQ0cJf1ASsJRthNRqzHc299oVdNbRoFia1AR9p1fpaN2u/0qu/9GxQQtYKY
T4z17Enao5A8Htf2tJcWZ1/+AXkJ639/gsYUflfV7HgLruEKAwIYoA==
=nLA8
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message