eugen at leitl.org
Wed Sep 11 01:54:55 PDT 2013
On Tue, Sep 10, 2013 at 01:07:47PM -0700, Rick Moen wrote:
> Quoting Eugen Leitl (eugen at leitl.org):
> > Consider all the crypto-related fubars in Debian. So far I chalked
> > that up to incompetence, but now I do wonder. It would be good to do
> > some forensics on the checkins that caused the regressions, and
> > identify the culprits.
> In the case of the much-ballyhooed inadvertent sabotaging of the RNG in
> the Debian/Ubuntu OpenSSL package, I think many commentators don't
> sufficiently appreciate just how bad the spaghetti-code problem in
> upstream OpenSSL is. Those who ascribe malice to Kurt Roeckx for his
OpenSSL does look unfixable. I hear a lot of good things about
Unfortunately, the "no license: public domain" bit will be a
deal-breaker to many.
> good-faith effort to fix truly messed-up C code are being, IMO, a bit
> idiotic and are missing the real problem entirely.
>  http://lwn.net/Articles/282038/