On Tuesday 28 June 2016 18:03:39 Salz, Rich via RT wrote:
> > what about Debian CVE-2008-0166 like scenario?
>
> So far that kind of thing seems unlikely, but maybe I'm
> missing the point you're trying to make?

Even if unlikely, it would make me sleep better at night knowing that at least one of the core developers did take a look at it.

I mean, sure, the same code will need to be written by application developers wanting compatibility and it will not be reviewed by OpenSSL developers, but there's a difference between a few applications using bad code and all applications that want backwards API compatibility using bad code.

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4589
Please log in as guest with password guest if prompted
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev