> I actually did push an updated package within 3 hours after the public > announcement. I think that is pretty reasonable especially since we are > not among the fortunate distros and companies that were notified > beforehand.
It's very good! Only a few distribution and vendors can do that! What is the situation with the Archlinux websites and others servers? I remind that this flaw is rather critical and applying the patch/new version is probably not enough (especially if you are . There is already a lot of people playing with this bug and trying to extract "secrets" and sensitive data from servers. TLS private keys should be revoked and new ones get generated, as htpasswd etc. o/ RbN
signature.asc
Description: This is a digitally signed message part.
