Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> The OpenSSL team refuses to even use SSL/TLS on their website because "they don't want anyone to get the slightest illusion that it's secure"

Eh?

1) Visting http://www.openssl.org automatically redirects me to https://www.openssl.org .

2) The OpenSSL source code is stored in a git repo in GitHub. While this doesn't ensure that the code hasn't been tampered with, git does make it substantially easier to detect tampering than other VCSs do.

3) All of the release tarballs are PGP signed. Verification of the authenticity of these files is just about as automatic as it gets.



I could be mistaken but I think, not too long ago, openssl.org used to redirect to openssl.net.

And if I recall correctly, it was http://openssl.net not https://.

Is it possible there have been some changes in recent years?


> Is it possible there have been some changes in recent years?

Well, I made my comment based largely on information that I verified a few minutes before I wrote the comment. I'm unaware of the site's history.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: