Linux software security as a tweet

[/dev/urandom]

Just to let you know latest #OpenSSL news: a possible issue in one of the patches for today was reported to us and it's being investigated.

Security holes in security updates. Welcome to the Microsoft way of life.
This is your chance to upgrade to LibreSSL.

[BenTrabetere]

Security holes in security updates. Welcome to the Microsoft way of life.
This is your chance to upgrade to LibreSSL.

Maybe I'm reading this incorrectly, but the last tweet seems to indicate the problem is no longer a problem. That is what "solution to the issue has been found, back on track for a release within the original timeframe" means, right? How would LibreSSL be an improvement?

As for Microsoft, in my experience this is far from the "Microsoft way of life." First, MS would not announce a security hole had been found. Second, the problem would not be addressed until someone else found it, Third, a fix would not be issued until it could be fit into the Patch Tuesday schedule. Fourth, it will take at least one reboot to apply the patch. Fifth, it is quite likely the patch would create problems and be recalled. Rinse, repeat.

[/dev/urandom]

Maybe I'm reading this incorrectly, but the last tweet seems to indicate the problem is no longer a problem.

"The issue in the issue fix is fixed", part 28534 of ...?

And of course it's the Microsoft way. OpenSSL won't disclosure the issue unless the fix for the fix is publicly available - this is how Microsoft works too.

[Pjotr]

Maybe I'm reading this incorrectly, but the last tweet seems to indicate the problem is no longer a problem.

"The issue in the issue fix is fixed", part 28534 of ...?

And of course it's the Microsoft way. OpenSSL won't disclosure the issue unless the fix for the fix is publicly available - this is how Microsoft works too.

What's all this supposed to mean? Are you looking for an opportunity to bash Linux or something?

[/dev/urandom]

No - I only keep records for the next time someone says "FLOSS always has a better QA than Microsoft".

[Pjotr]

No - I only keep records for the next time someone says "FLOSS always has a better QA than Microsoft".

So your mission is to enlighten us poor misguided forum dwellers, that Linux QA is supposedly not better than Microsoft QA?

[/dev/urandom]

I don't have a mission. You should know from my other postings.

Mind to use the PM functionality for personal questions?

[Pjotr]

I don't have a mission. You should know from my other postings.

It's *exactly* the combination of your postings in this thread together with those other postings, which make me question your general attitude.

Mind to use the PM functionality for personal questions?

Yes, I do mind. I utterly fail to see why you shouldn't be challenged publicly for what's beginning to look like Linux bashing.

[/dev/urandom]

While this is indeed a hole in the forum rules, I'd consider it impolite to spam a topic with personal accusations towards another forum member.

[r00t]

Personally, what I find impolite is going onto a Linux forum and bashing it. Or bashing anything on a forum of any kind. Instead, might I suggest a blog?

Locked.