rick at linuxmafia.com
Tue Sep 10 13:07:47 PDT 2013
Quoting Eugen Leitl (eugen at leitl.org):
> Consider all the crypto-related fubars in Debian. So far I chalked
> that up to incompetence, but now I do wonder. It would be good to do
> some forensics on the checkins that caused the regressions, and
> identify the culprits.
In the case of the much-ballyhooed inadvertent sabotaging of the RNG in
the Debian/Ubuntu OpenSSL package, I think many commentators don't
sufficiently appreciate just how bad the spaghetti-code problem in
upstream OpenSSL is. Those who ascribe malice to Kurt Roeckx for his
good-faith effort to fix truly messed-up C code are being, IMO, a bit
idiotic and are missing the real problem entirely.