Duh - thank you Steef, Kurt and Rich - not sure how I could miss that either... So please only take the key message - your team does a great job with OpenSSL, thank you all!
Regards, Henning On 08/13/2014 01:35 PM, Steef wrote: > Hi Henning, > >> So my question is - would it be reasonable to send an early warning >> (without any details) to one of the OpenSSL lists a few days before >> publishing a version containing fixes for security vulnerabilities? >> Just saying something along the lines of "we plan to release a new >> openssl version containing security fixes in about 2 days". Something >> like this would help people to already be alarmed and start preparing >> resources (if they like to). I think this would help decreasing the time >> from the actual disclosure at openssl to fixed version of the respective >> project. > This is already done, see [1]. You could also subscribe to announce, if > you missed it. > > Best Regards, > Steef > > [1] <http://marc.info/?l=openssl-dev&m=140706092626158&w=2> > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
