<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	
	>
<channel>
	<title>
	Comments on: OpenSSL update	</title>
	<atom:link href="https://www.dragonflydigest.com/2014/06/09/openssl-update-4/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.dragonflydigest.com/2014/06/09/openssl-update-4/</link>
	<description>A running description of activity related to DragonFly BSD.</description>
	<lastBuildDate>Tue, 10 Jun 2014 21:29:02 +0000</lastBuildDate>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>
	<item>
		<title>
		By: dh		</title>
		<link>https://www.dragonflydigest.com/2014/06/09/openssl-update-4/comment-page-1/#comment-142630</link>

		<dc:creator><![CDATA[dh]]></dc:creator>
		<pubDate>Tue, 10 Jun 2014 21:29:02 +0000</pubDate>
		<guid isPermaLink="false">http://www.shiningsilence.com/dbsdlog/?p=14147#comment-142630</guid>

					<description><![CDATA[OpenBSD was apparently not formally notified because it was not on some list. One OpenBSD lead developer also wrote that he didn&#039;t wish to be added to that list for time constraints: http://marc.info/?l=oss-security&#038;m=139906348230995]]></description>
			<content:encoded><![CDATA[<p>OpenBSD was apparently not formally notified because it was not on some list. One OpenBSD lead developer also wrote that he didn&#8217;t wish to be added to that list for time constraints: <a href="http://marc.info/?l=oss-security&#038;m=139906348230995" rel="nofollow ugc">http://marc.info/?l=oss-security&#038;m=139906348230995</a></p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Franco Fichtner		</title>
		<link>https://www.dragonflydigest.com/2014/06/09/openssl-update-4/comment-page-1/#comment-142213</link>

		<dc:creator><![CDATA[Franco Fichtner]]></dc:creator>
		<pubDate>Tue, 10 Jun 2014 11:36:28 +0000</pubDate>
		<guid isPermaLink="false">http://www.shiningsilence.com/dbsdlog/?p=14147#comment-142213</guid>

					<description><![CDATA[Here&#039;s the patch for reference: https://bitbucket.org/braindamaged/openbsd-src/commits/9a2a133d99]]></description>
			<content:encoded><![CDATA[<p>Here&#8217;s the patch for reference: <a href="https://bitbucket.org/braindamaged/openbsd-src/commits/9a2a133d99" rel="nofollow ugc">https://bitbucket.org/braindamaged/openbsd-src/commits/9a2a133d99</a></p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Franco Fichtner		</title>
		<link>https://www.dragonflydigest.com/2014/06/09/openssl-update-4/comment-page-1/#comment-142207</link>

		<dc:creator><![CDATA[Franco Fichtner]]></dc:creator>
		<pubDate>Tue, 10 Jun 2014 11:34:27 +0000</pubDate>
		<guid isPermaLink="false">http://www.shiningsilence.com/dbsdlog/?p=14147#comment-142207</guid>

					<description><![CDATA[There&#039;s always the option of backporting the actual vulnerability fixes (usually only a couple of lines). It&#039;s unclear how secure and trustworthy the library really is at this point, but that&#039;s a decision maintainers/projects needs to make for its users.

BTW, LibReSSL was also affected, and of course older versions of OpenBSD still run with normal OpenSSL, so these are affected too.]]></description>
			<content:encoded><![CDATA[<p>There&#8217;s always the option of backporting the actual vulnerability fixes (usually only a couple of lines). It&#8217;s unclear how secure and trustworthy the library really is at this point, but that&#8217;s a decision maintainers/projects needs to make for its users.</p>
<p>BTW, LibReSSL was also affected, and of course older versions of OpenBSD still run with normal OpenSSL, so these are affected too.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Edward M		</title>
		<link>https://www.dragonflydigest.com/2014/06/09/openssl-update-4/comment-page-1/#comment-141834</link>

		<dc:creator><![CDATA[Edward M]]></dc:creator>
		<pubDate>Tue, 10 Jun 2014 05:39:16 +0000</pubDate>
		<guid isPermaLink="false">http://www.shiningsilence.com/dbsdlog/?p=14147#comment-141834</guid>

					<description><![CDATA[I find it odd why OpenBSD was not notified, people uses it in production systems.
I hope dragonfly will switch to libressl, when it is ready.. 

     .]]></description>
			<content:encoded><![CDATA[<p>I find it odd why OpenBSD was not notified, people uses it in production systems.<br />
I hope dragonfly will switch to libressl, when it is ready.. </p>
<p>     .</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Justin Sherrill		</title>
		<link>https://www.dragonflydigest.com/2014/06/09/openssl-update-4/comment-page-1/#comment-141686</link>

		<dc:creator><![CDATA[Justin Sherrill]]></dc:creator>
		<pubDate>Tue, 10 Jun 2014 03:49:06 +0000</pubDate>
		<guid isPermaLink="false">http://www.shiningsilence.com/dbsdlog/?p=14147#comment-141686</guid>

					<description><![CDATA[I am not sure - I have been watching the OpenBSD commits, but I haven&#039;t seen it... but then again, unless the commit message started with a big &quot;this is for this problem&quot; note, I may have skated right by it.]]></description>
			<content:encoded><![CDATA[<p>I am not sure &#8211; I have been watching the OpenBSD commits, but I haven&#8217;t seen it&#8230; but then again, unless the commit message started with a big &#8220;this is for this problem&#8221; note, I may have skated right by it.</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Anonymous		</title>
		<link>https://www.dragonflydigest.com/2014/06/09/openssl-update-4/comment-page-1/#comment-141681</link>

		<dc:creator><![CDATA[Anonymous]]></dc:creator>
		<pubDate>Tue, 10 Jun 2014 03:44:28 +0000</pubDate>
		<guid isPermaLink="false">http://www.shiningsilence.com/dbsdlog/?p=14147#comment-141681</guid>

					<description><![CDATA[My question about libressl, is it affected by these same issues that were pointed out this week?]]></description>
			<content:encoded><![CDATA[<p>My question about libressl, is it affected by these same issues that were pointed out this week?</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Justin Sherrill		</title>
		<link>https://www.dragonflydigest.com/2014/06/09/openssl-update-4/comment-page-1/#comment-141669</link>

		<dc:creator><![CDATA[Justin Sherrill]]></dc:creator>
		<pubDate>Tue, 10 Jun 2014 03:37:05 +0000</pubDate>
		<guid isPermaLink="false">http://www.shiningsilence.com/dbsdlog/?p=14147#comment-141669</guid>

					<description><![CDATA[What&#039;s the alternative if you&#039;ve already got a version with known issues?]]></description>
			<content:encoded><![CDATA[<p>What&#8217;s the alternative if you&#8217;ve already got a version with known issues?</p>
]]></content:encoded>
		
			</item>
		<item>
		<title>
		By: Franco Fichtner		</title>
		<link>https://www.dragonflydigest.com/2014/06/09/openssl-update-4/comment-page-1/#comment-141439</link>

		<dc:creator><![CDATA[Franco Fichtner]]></dc:creator>
		<pubDate>Mon, 09 Jun 2014 22:11:42 +0000</pubDate>
		<guid isPermaLink="false">http://www.shiningsilence.com/dbsdlog/?p=14147#comment-141439</guid>

					<description><![CDATA[I&#039;d heavily discourage anyone from updating to newer OpenSSL versions as new features may be potential new issues. Exploitable code seems to pop up with an alarming rate in releases.]]></description>
			<content:encoded><![CDATA[<p>I&#8217;d heavily discourage anyone from updating to newer OpenSSL versions as new features may be potential new issues. Exploitable code seems to pop up with an alarming rate in releases.</p>
]]></content:encoded>
		
			</item>
	</channel>
</rss>
