rlaager at wiktel.com
Thu Mar 8 20:22:45 UTC 2018
On 03/08/2018 05:06 AM, Udo van den Heuvel wrote:
> Can we trust the distros to deliver openssl updates in time?
Yes. If you can't trust the distro to deliver security updates, you have
a serious problem that cannot be solved by ntpsec's tarball.
> Can't we simply enforce a reasonable level? (e.g. maximum of XX months
> old version of openssl)
Probably not, as backported fixes for particular issues will not
increment the version number.
More information about the devel