Bayan HeartBleedGate da kogunan haruffan da aka rubuta game da shari'ar, wannan tsayayyen manga waɗanda suke masu haɓaka OpenBSD, wanda Theo de Raadt ke jagoranta, ya ce "Za mu yi namu OpenSSL tare da wasannin sa'a da kuma sassauƙa." Amma ta yaya kudi baya basu don caca da 'yan kangado, an bar su da cokali mai yatsa na OpenSSL, wanda za su kira LibreSSL kuma da farko zai zama na OpenBSD 5.6 kuma, idan komai ya tafi daidai, ga sauran tsarin POSIX, gami da Linux.
A cikin gaskiya mai haɓaka OpenBSD Ted Unangst ya ambaci cewa Heartbleed ya kasance ɗayan ɗayan kwaroron bala'i ne na OpenSSL na shekara-shekara kuma wannan kwaron ba dalili bane na cokali. Kwaron da Ted ya mai da hankali (wanda zai haifar da cokali mai yatsu) ya yi da na cikin gida 'Yan tawayen OpenSSL kuma menene ngnix baya aiki ba tare da waannan frean wasan ba. Amma mafi munin shine rashin amsa daga OpenSSL tunda wannan kwaron yana da facin da aka kawo kuma basu yi amfani da shi ba tukuna. Wannan facin shine shekara guda ba'a hada ba; OpenSSL, OpenBSD, da Debian sun yiwa kansu facin kansu. Idan masu haɓaka OpenSSL ba su yi amfani da facin ba, za su iya shawo kansu su janye goyon bayansu na Kayayyakin C ++ 5.0 (C masu shirye-shiryen na iya dariya tare da wadannan misalai).
Don haka sun rabu da kusan layuka dubu 150 na lambar da ƙidayawa, musamman bayan cire tallafi ga VMS, ƙazamar rufaffiyar tsarin aiki don sabobin da Hewlett Packard ke riƙe. Kamar dai ana kwatanta X ne da Wayland.
A halin yanzu, na bar muku shafin Bude SSL Valhalla Rampage tare da hoton ban tsoro wanda waɗanda OpenBSD ke ƙoƙarin gyarawa.
Godiya ga wadannan cokulan, software kamar LibreOffice da MariaDB sun sami fifikonsu (a cikin Slackware, sun maye gurbin MySQL da MariaDB, kuma a mafi yawan rikice-rikice, duk sun maye gurbin OpenOffice ɗinsu da LibreOffice).
Amma waɗancan cokulan sun kasance saboda ba sa son samun makoma iri ɗaya da OpenSolaris a hannun sabon "maigidan", lamarin ya zama tilas ne ga buƙata, kuma yawancinsu da sauri sun goyi bayan madadin (wanda a zahiri masu kirkirarta ne amma tare da wani suna). Wannan ya kara birge ni kamar mutanen da ke OpenBSD (Tare da Theo "Linux na masu asara ne" ta Raadt a helm) ba su da farin ciki da ba su haɗa da canje-canjen su ba. A dalilin haka akwai FreeBSD, NetBSD, da OpenBSD.
Na yarda da kai 100%. Ba lallai bane ku zama matsananci, ko fanboy.
Yi haƙuri, abin da kawai zan iya tunani shi ne "Nikzon, don basur."
A bayyane yake a yau sun haɗa da facin rikici.
https://rt.openssl.org/Ticket/Display.html?id=2167#txn-39826
Kamar yadda Felipe, abokin Mafalda ya ce:
"Nufin dole ne kawai abin da, lokacin da aka ɓata shi, ana buƙatar farashi."
Ban fahimci abin da ake fada game da wannan cokali mai yatsa ba, bayan haka, wannan shine yadda al'umma ke buɗe tushen aiki, tare da cokula masu yatsu da haɗuwa. Akasin haka, na ga abin yabo ne cewa sun yanke shawarar yin irin wannan babban kunshin.
Ni ba masani bane a OpenSSL, amma bisa ga maki uku da Diazepan ya ambata, wannan shine "Tallafawa ga tsarin rufaffiyar gaba ɗaya" (VMS), "Lambar da ba ta daɗe" (Visual C ++ 5.0) "da" Rashin tallafi " , ga alama a gare ni cewa da ba zai yiwu ba.
Kuma a, Na ce rashin tallafi, cewa an haɗa facin da aka ambata a yau a yau, ba yana nufin cewa ya fi shekara ɗaya a kan jerin buƙatun ba. Gaskiyar cewa OpenBSD, wanda yana ɗaya daga cikin tsayayyun tsarin a can, ba wai kawai saboda shine OpenBSD ba, amma kuma saboda shine BSD, kuma Debian sun saka shi a wuraren adana su yana nuna cewa ba wata hanyar gwaji bace, amma tana da karko.
Abun takaici shine Gidauniyar Linux bata ganshi haka ba kuma ta kasafta kudi wa OpenSSL, wanda, a nawa ra'ayi kuskure ne, ya kamata su goyi bayan LibreSSL, wani abu da ya fara kusan sifili, farawa da munanan halaye na OpenSSL, kamar misalin malloc.