[TriLUG] Fwd: [ NNSquad ] Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Jack Hill jackhill at jackhill.us
Wed Mar 5 09:08:49 EST 2014


On Wed, 5 Mar 2014, matt at noway2.thruhere.net wrote:

>> I dunno, but I asked our security dude at work and his response was that
>> most software uses openssl.. except for packages written by "zealots" who
>> refuse to use non-GNU libraries.  His secondary comment was to not use
>> lynx for online banking :-)
>>
>> William Sutton
>>
> Um, excuse me, but who is the zealot here?  One has to wonder about his
> real motivations.

My understanding is that the real thing people (especially distributions) 
dislike about openssl is the advertising clause. As a regular person both 
suites give me equal freedom, and I'm not aware of large 
proprietarization efforts around openssl. IANAL; TINLA.

I have experienced compelling reasons to standardize on the use of one 
suite or another. I had trouble getting software linked against GnuTLS to 
use certs created with openssl. Standards are great.

Best,
Jack


More information about the TriLUG mailing list