Hi Henning, > So my question is - would it be reasonable to send an early warning > (without any details) to one of the OpenSSL lists a few days before > publishing a version containing fixes for security vulnerabilities? > Just saying something along the lines of "we plan to release a new > openssl version containing security fixes in about 2 days". Something > like this would help people to already be alarmed and start preparing > resources (if they like to). I think this would help decreasing the time > from the actual disclosure at openssl to fixed version of the respective > project. This is already done, see [1]. You could also subscribe to announce, if you missed it.
Regards, Steef [1] <http://marc.info/?l=openssl-dev&m=140706092626158&w=2> ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org