Agenda

• Handling security vulnerabilities in the future
  • Always make a security announcement
  • Always get a CVE entry
  • Always have a security announcement (threat, impact, etc.)
  • Makes handling the issue much easier for downstream
• OpenVPN 3.0
  • Was released along API documentation under AGPL (v3?) in FOSDEM 2013
  • Currently used primarily/only in OpenVPN Connect clients for Android/iOS from OpenVPN Technologies, Inc.
  • Getting the code to Git: currently only a tarball is available
  • Due to iOS store policy has to be relicenseable under a non-copyleft license
• OpenVPN 2.4
  • What is the goal of the 2.4 release?
  • What patches in "master" are 2.4-only material?