"Rene G. Eberhard" wrote:
>
> Lutz
>
> Please apologize this questions. It is definitely NOT personally!
> I do not doubt in your work!
>
> > Since the patch is a 70kB context diff, I don't want to send it over the
> > mailing list. It can be downloaded in its latest version "B.02" from
> > ftp://ftp.aet.tu-cottbus.de/pub/postfix_tls/related/openssl-patch/
> > - From my point of view, the work on the patch is finished.
> > (With the exception of the bit strength values that are now hardcoded
> > in the tables; is 3DES 168 bits or 112 as discussed on this list?)
> > - I would appreciate any bug report, comment etc.
> > - This patch should be included into the OpenSSL source for the
> > next release.
> >
> > For details, please check the appended README.
> > This patch was partly inspired by Ben Laurie in private communication.
>
> How's the procedure to integrate such a patch in OpenSSL? Lutz is not
> an official member of the OpenSSL dev group. Does the group trust in
> such patches? Furthermore the patch is stored on a public ftp server
> without any integrity check. Who does a review of this 70k patch
> and how is it tested?
The idea is that anyone who is interested takes a look and comments. At
some point, an OpenSSL developer picks up the patch and commits it. If
they believe in it (having reviewed it, of course). If no-one else does,
I will, but I'm a bit pressed for time at the moment. But I've already
reviewed earlier versions, so I'm reasonably sure it makes sense.
The really serious testing is done by you lot _after_ it is committed.
:-)
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
