On 25 Apr 2014, at 09:16, Matthias Gamsjager <mgamsja...@gmail.com> wrote:
> Isn't the latest news that Google&co and the Linux Foundation set up a
> construction that these vital open source projects get the proper
> funding. Meaning more manpower and hopefully fewer bugs.

Yes, there's effort to improve OpenSSL from there, there's the LibreSSL project from OpenBSD and there's a from-scratch reimplementation of SSL in the Cambridge Computer Lab that's intended for easy verification, and Apple's CommonCrypto (which, in light of goto fail, might not be the best choice), so there are going to be a lot of choices in time for 11.

There are very few users of OpenSSL in the base system (7, I think), so rewriting them to use less error-prone APIs would be feasible - a 100% OpenSSL-compatible API is not necessarily a requirement for a base-system SSL library.

so@ and secteam@ get to make the final call on what we should be shipping, because they're the ones that will have to suffer from the fallout the next time there's a vulnerability.

David

It's written in OCaml, but can have C APIs and can probably be compiled into C. C that is machine generated from a typesafe language is a lot less likely to contain memory management bugs than C that is generated by a human...

_______________________________________________
firstname.lastname@example.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"