Optimus multi-prime is the new rule as OpenSSL transforms crypto policies again

OpenSSL's maintainers have put the squeeze on insecure ciphers, with a raft of changes to how the project operates. The changes were announced here following an OpenSSL management committee (OMC) meeting in London. The cryptography policy changes include making sure insecure configurations aren't enabled by default, but …

  1. Anonymous Coward

    Weekly release schedule?

    > The project's release cadence will change to weekly ...

    That's NOT at all what the announcement says. A weekly release schedule would be extremely bad for critical infrastructure.

    What the announcement was saying is that when security releases need to happen, they'll happen on a Tuesday. With a pre-announcement a week before, so people are pre-warned.

    This is because (quoting here) "We don’t see a need to have people ready to sacrifice their weekend every time a new CVE comes out ...".

    In the case of extreme urgency though, the Tuesday thing won't be followed. Hopefully that doesn't happen very often, but time will tell.

  2. Aodhhan

    Errors all over this

    This article should be removed.

    The author fails to properly provide exact information. In fact, it changes what is actually stated by OpenSSL Management Committee.

    I'm not a huge fan of OpenSSL "Management Committee", since all they do is jump on to an encryption standard, instead of actually creating an algorithm themselves. Sort of like, building a radio for a car and then attempting to tell the world they are an expert on cars.

    So, I don't have any real skin in this game, but c'mon... this is really bad reporting.

    Stop trying to create something which has already been created or spread the word using your own agenda, spin or artistic flair. Just the facts man.

    1. Anonymous Coward

      Re: Errors all over this

      > ... Sort of like, building a radio for a car and then attempting to tell the world they are an expert on cars.

      That doesn't sound right. They don't seem to be making themselves out as experts.

      From the source announcement ".. the important point is that we most of us are implementors, not cryptographers, and will defer judgement to experts.".

    2. Doctor Syntax Silver badge

      Re: Errors all over this

      > I'm not a huge fan of OpenSSL "Management Committee", since all they do is jump on to an encryption standard

      Jumping onto standards is vastly better than jumping off them. In fact, it's the right thing to do. Just make sure your chosen standard doesn't involve any magic constants provided by the NSA.


Biting the hand that feeds IT © 1998–2022