El 10/04/14 13:20, Greg Freemyer escribió:
At least for openSUSE users the policy is that openSSL never be hardlinked to an app. Thus patching the library and restarting any apps using it will address the vulnerability. But it means the historical window of opportunity was huge.
And for anyone that runs windows, they often hardlink in the openSSL library instead of using a shared DLL. That means that every application will need to be checked and upgraded if needed in windows.
Can I crawl back in a hole now?
Correct, or at least with recent'ish products, I personally removed openSSL package's static libraries a long while ago so this cannot happen without causing a build failure. Third party apps need to be verified though. -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org