[linux-elitists] Surveillance

Rick Moen rick at linuxmafia.com
Tue Sep 10 13:07:47 PDT 2013


Quoting Eugen Leitl (eugen at leitl.org):

> Consider all the crypto-related fubars in Debian.  So far I chalked
> that up to incompetence, but now I do wonder. It would be good to do
> some forensics on the checkins that caused the regressions, and
> identify the culprits.  

In the case of the much-ballyhooed inadvertent sabotaging of the RNG in
the Debian/Ubuntu OpenSSL package[1], I think many commentators don't
sufficiently appreciate just how bad the spaghetti-code problem in
upstream OpenSSL is.  Those who ascribe malice to Kurt Roeckx for his
good-faith effort to fix truly messed-up C code are being, IMO, a bit
idiotic and are missing the real problem entirely.  

[1] http://lwn.net/Articles/282038/



More information about the linux-elitists mailing list