
Wouldn't it have made most sense to e-mail the OpenSSL team so they could have pushed a critical patch that everyone would have updated to via APT before shit went off of the hook?


They did; the problem is that the patch immediately shows you the security issue, and distributing a patch then means disclosing the bug.


I'm not 100% on the timeline but I'm pretty sure the OpenSSL team knew about this well before April 7th.



