dana :blobhaj_witch: on Nostr: npub1y0emt…smm9n As a security person I need to point out that pinning to an old ...
npub1y0emt2wlpsezcnmxtyrpf33qe7gwy5u8yzssvv6uw53em0k32t7q7smm9n (npub1y0e…mm9n) As a security person I need to point out that pinning to an old version makes your software trivial to go through as an attacker because openssl is in a memory unsafe language and so vulnerabilities will continue to be found in it indefinitely.
Have you considered alternatives to openssl if they have the functionality you require? Thinking of boringssl here mostly.
Published at
2023-09-12 02:46:06Event JSON
{
"id": "c38fca6191570b2883e4efa158389526361c11d55a58eacd15cd5335ba4f990b",
"pubkey": "38d50c71658340533e81b88d6367c92f07c086705473609d3f046232d4968fe5",
"created_at": 1694486766,
"kind": 1,
"tags": [
[
"p",
"23f3b5a9df0c322c4f66590614c620cf90e2538720a106335c75239dbed152fc",
"wss://relay.mostr.pub"
],
[
"p",
"5aeb250b3075a12bd05e16c8a3c40da91a553fa92164a39915a3a0615fe51864",
"wss://relay.mostr.pub"
],
[
"e",
"f21e33333cea02aac801d2a1ac6a83b5ea580d94bb6a578067a79336a36259b9",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://sunny.garden/users/blinkygal/statuses/111049884742984785",
"activitypub"
]
],
"content": "nostr:npub1y0emt2wlpsezcnmxtyrpf33qe7gwy5u8yzssvv6uw53em0k32t7q7smm9n As a security person I need to point out that pinning to an old version makes your software trivial to go through as an attacker because openssl is in a memory unsafe language and so vulnerabilities will continue to be found in it indefinitely.\n\nHave you considered alternatives to openssl if they have the functionality you require? Thinking of boringssl here mostly.",
"sig": "951d29eb5b60124cf7ab64789f2967975573cba374ddfcf6c1f31a25002a68aa592237c018968d074bd061a5a3d61fbb518772025e712a09fbc340108801b00a"
}
