On 19/05/17 23:56, David Sommerseth wrote: > On 20/05/17 00:45, Mahawar, Sunil wrote: >> Hi, >> >> I loved easy-rsa tool and its user friendly interface. I am using >> this tool for one of my project for OpenHPC (http://openhpc.community ). >> However one my colleague pointed out that easy-rsa project is not an >> active project, its last release was 2 year back, last commit was June >> 2016, and there are multiple open issues on git hub (40), which are not >> yet addressed. So there was concern that any security related >> vulnerability (if found) will not be fixed in timely manner. Because of >> that I was asked to reevaluate easy-rsa utility for my use. >> >> As per the documentation, easy-rsa development co-exists with OpenVPN, I >> am assuming that openvpn community will take care of any vulnerability >> in easy-rsa (if found). I will appreciate if someone on community >> confirm my assumption that openvpn community will also be maintain >> easy-rsa any vulnerability in this utility? >> > > It might not look so active, but there are people who are engaged
There are "person" .. but engagement has not been forthcoming .. > and > who I am quite sure will step up if it is truly needed to act upon any > security issues. > > The upstream project is hosted here: > <https://github.com/OpenVPN/easy-rsa> > > That said, there are not too much security issues easy-rsa itself may > introduce. It is basically just a shell script providing a more easy > user interface to the openssl command line. So as long as your OpenSSL > installation is safe and good, there is not too much this tool can do to > reduce that. > > The primary thing in easy-rsa influencing the security is the OpenSSL > configuration file (openssl-1.0.cnf), and the secondary is how the > various openssl command line calls is handled. Except of that, it is a > fairly simple program logic and lots of somewhat more helpful text. > > It is time Easy-RSA received some *much* needed attention. nudge-nudge-wink-wink .. say-no-more (for now) ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
