Every day, Ted Unangst is vindicated more and more[1] for his work forking OpenS... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		anonbanker on May 12, 2024 \| parent \| context \| favorite \| on: 16 years of CVE-2008-0166 – Debian OpenSSL Bug Every day, Ted Unangst is vindicated more and more[1] for his work forking OpenSSL. If you do a little digging, you'll see that there was no real technical reason why your distro of choice has abandoned implementing LibreSSL[2][3], or just never implemented it at all[4]. They just somehow wanted to keep using the faulty software with exploit mitigation countermeasures[5][6]. Totally organic. 1. https://flak.tedunangst.com/post/analysis-of-openssl-freelis... 2. https://wiki.gentoo.org/wiki/LibreSSL 3. https://github.com/void-linux/void-packages/issues/20935 4. https://lwn.net/Articles/841664/ 5. https://marc.info/?l=openbsd-misc&m=139698531410614&w=2 6. https://marc.info/?l=openbsd-misc&m=139698608410938&w=2

tedunangst on May 12, 2024 [–]

I don't think that has anything to with this, though.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact