[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2215: mitigate heartbleed vulnerability
Tahoe-LAFS
trac at tahoe-lafs.org
Tue Dec 16 18:15:27 UTC 2014
#2215: mitigate heartbleed vulnerability
-------------------------+-------------------------------------------------
Reporter: daira          | Owner: daira
Type: defect             | Status: assigned
Priority: critical       | Milestone: 1.11.0
Component: code          | Version: 1.10.0
Resolution:              | Keywords: security integrity confidentiality
Launchpad Bug:           |   capleak pyopenssl cffi packaging review-needed
-------------------------+-------------------------------------------------
Comment (by warner):

Three options, not necessarily orthogonal.

* 1: bundle a new version of openssl with pyopenssl
* 2: require OpenSSL of at least 1.0.1j
* 3: heroics: do some runtime check to determine whether our OpenSSL
  ("1.0.1j" or not) contains Heartbleed

1 requires coordination with the pyopenssl upstream folks: we're currently
hosting eggs for this, but ideally we wouldn't be.

2 will probably cause build failures on some (debian) platforms that have
patched the bug but not changed the version number.

3 is hard, and can't be done for all the OpenSSL bugs we know about (some
are very hard to detect at runtime).

--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2215#comment:17>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
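
Added example (not part of warner's comment and not Tahoe-LAFS code): a sketch of the version gate from option 2, showing why a build that still reports 1.0.1e is rejected even when its distribution has backported the fix. The function names and the sample banners are constructed for illustration.

```python
import re

# Minimum release named in option 2 of the comment.
MINIMUM = "1.0.1j"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return a sortable tuple from a bare version or a full banner.

    Accepts "1.0.1j" as well as "OpenSSL 1.0.1e-fips 11 Feb 2013".
    Suffixes such as "-fips" are ignored (assumption: release builds only).
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % (text,))
    major, minor, fix, letters = m.groups()
    # Patch letters run a..z, then za, zb, ...; sorting on (length, letters)
    # keeps "za" above "z" and a bare "1.0.2" above "1.0.1j".
    return (int(major), int(minor), int(fix), len(letters), letters)


def meets_minimum(banner, minimum=MINIMUM):
    """True if the reported version string is at least `minimum`."""
    return parse_openssl_version(banner) >= parse_openssl_version(minimum)


def gate(banners, minimum=MINIMUM):
    """Map each banner to the decision a pure version check would make."""
    return {b: meets_minimum(b, minimum) for b in banners}


# Constructed sample banners, not captured from real systems.
SAMPLES = [
    "OpenSSL 1.0.1e 11 Feb 2013",   # what a backport-patched distro build still reports
    "OpenSSL 1.0.1f 6 Jan 2014",
    "OpenSSL 1.0.1j 15 Oct 2014",
    "OpenSSL 1.0.2 22 Jan 2015",
]

if __name__ == "__main__":
    for banner, ok in gate(SAMPLES).items():
        print("%-32s %s" % (banner, "accept" if ok else "reject"))
```

The check only sees the version string, so it cannot tell a patched 1.0.1e from an unpatched one; that is the build-failure case described under option 2.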