[TriLUG] Fwd: [ NNSquad ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
jackhill at jackhill.us
Wed Mar 5 09:08:49 EST 2014
On Wed, 5 Mar 2014, matt at noway2.thruhere.net wrote:
>> I dunno, but I asked our security dude at work and his response was that
>> most software uses openssl.. except for packages written by "zealots" who
>> refuse to use non-GNU libraries. His secondary comment was to not use
>> lynx for online banking :-)
>> William Sutton
> Um, excuse me, but who is the zealot here? One has to wonder about his
> real motivations.
My understanding is that the real thing people (especially distributions)
dislike about openssl is the advertising clause. As a regular person both
suites give me equal freedom, and I'm not aware of large
proprietarization efforts around openssl. IANAL; TINLA.
I have experienced compelling reasons to standardize on the use of one
suite or another. I had trouble getting software linked against GnuTLS to
use certs created with openssl. Standards are great.
More information about the TriLUG