Imminent release of 2.2.5 and 3.0.3
Nick Lowe
nick.lowe at gmail.com
Thu Apr 17 15:59:13 CEST 2014
I agree entirely with what Phil says. Is this not a layering
violation? As much as you think you might be helping in this
belt-and-braces way, I don't think it should be the concern of
FreeRADIUS to care about this - and how far do you take it?
I am also curious who might actually tangibly benefit. Isn't the
reality that a version of FreeRADIUS that contains these checks will
only ever get packaged by the distributions with a non-vulnerable
version of OpenSSL going forward anyway in a new major release that
they make?
Nick
More information about the Freeradius-Users
mailing list