[linux-elitists] Surveillance

Phil Mayers p.mayers at imperial.ac.uk
Wed Sep 11 02:27:33 PDT 2013


On 09/10/2013 09:07 PM, Rick Moen wrote:

> In the case of the much-ballyhooed inadvertent sabotaging of the RNG in
> the Debian/Ubuntu OpenSSL package[1], I think many commentators don't
> sufficiently appreciate just how bad the spaghetti-code problem in
> upstream OpenSSL is.

I once had to dig into the OpenSSL source to figure out a particular API 
behaviour that was pooly documented.

"Unpleasant" doesn't begin to describe the experience.

This is after accounting for the built-in ick (by virtue of a 
predisposition for X.509) that accompanies all SSL/TLS code.


More information about the linux-elitists mailing list