>>> In fact, I thought that was the reason we all >>> had to wait ages before this long standing shortcoming >>> was fixed. >> >> It almost sound like you are complaining you did not have to wait ages :) > > It's the inconsistency of first insisting this cannot go > into a patch and then pushing out a broken implementation > inside a patch which was only supposed to fix security > and build issues. OK.. so that's a legitimate gripe. OpenSSL has opportunities for improvements in their testing and release process. There is ***absolutely no reason**** a patch should not be tested before being released. Its been a chronic problem with the project. For what its worth, I've given up on the Testing Group (https://groups.google.com/forum/#!forum/openssl-testing). No meaningful change came from it. The devs are still undisciplined in this area, and they still do what they want. Jeff
