On Sat, Jul 12, 2014 at 12:06:27AM +0200, Toni Mueller wrote: > Package: wnpp > Severity: wishlist > Owner: Toni Mueller <toni@debian.org> > > * Package name : libressl > Version : 2.0.0 > Upstream Author : The OpenBSD project, the OpenSSL project et al. > * URL : http://www.libressl.org/ > * License : BSD, OpenSSL, SSLeay, Public Domain. > Programming Lang: C > Description : SSL library, forked from OpenSSL > > > LibreSSL strives to maintain API compatibility with OpenSSL, but > do away with all the cruft. > > After a long series of OpenSSL problems, recently highlighted by > the infamous Heartbleed bug, a group inside OpenBSD decided to > fork OpenSSL and adapt the code to modern coding standards. > Along the way, a lot of compatibility with older architectures > and toolchains was discarded. I didn't see this yet in the thread, so: https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux http://arstechnica.com/security/2014/07/only-a-few-days-old-openssl-fork-libressl-is-declared-unsafe-for-linux/ http://lwn.net/Articles/605509/ (Pick your news source) Flame-ingly yours, Paul -- .''`. Paul Tagliamonte <paultag@debian.org> | Proud Debian Developer : :' : 4096R / 8F04 9AD8 2C92 066C 7352 D28A 7B58 5B30 807C 2A87 `. `'` http://people.debian.org/~paultag `- http://people.debian.org/~paultag/conduct-statement.txt
Attachment:
signature.asc
Description: Digital signature