On Sat, Feb 10, 2018 at 5:17 AM, Kevin Chadwick <m8il1ists_at_gmail.com> wrote:
> This is my last cross post as I am in danger or have already abused
> your list likely atleast in some peoples eyes.
> It seems like a strong argument to make upstreams reconsider to me. I
> know security is an intangible asset and they likely won't care.
> Though I think that lesson is becoming more widely understood, so maybe.
I did not discuss the OpenSSL 1.1 API in my proposal. I do not care about it.
I care about date comparisons that don't involve trusting anything
that overflows a time_t as being in the future and then naively trying
to prove it somehow.
I care about OpenSSL 1.0.1g functions continuing to exist. OpenSSL
1.1 does include those functions, but not the OpenSSL 0.9.8 deprecated
I care about cryptographic offload support.
Most importantly, I care about not using either LibreSSL or OpenSSL in
the first damned place wherever possible.
No, the abuse you are creating has nothing to do with cross posting,
but instead posting nonsense to a mailing list about a software you
keep pointing out you do not even use, and my patience is now
exceeded. Accordingly, I have configured my mail client to
automatically delete any future messages from you.
As for Theo, I mostly agree that the new OpenSSL 1.1 APIs for
certificate verification are crap, but I don't really care to hear any
more of your bad takes, so again, my mail client will be deleting any
future mail from you.
Received on Sat Feb 10 2018 - 07:50:22 UTC