login
Header Space

 
 

Re: More details show that someone seriously fucked up in debian. [Was: Re: Debian libssl security (OpenSSH safe?)]

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
To: chefren <chefren@...>
Cc: openbsd-misc <misc@...>
Date: Thursday, May 15, 2008 - 2:05 pm

On Wed, 14 May 2008, chefren wrote:


No, he hasn't. A question posed to a predominatly users' mailing list is
not the same as a proper bug report and patch submission. Vendors,
especially the size of Debian, should be held to a high standard of 
behaviour. Critically, he didn't identify that he was considering removing
these lines *for every user of Debian*.


Speaking as someone who has done the last two revs of the OpenBSD libssl,
I haven't tried to upstream our changes - they OpenBSD specific things
like using /dev/arandom and /dev/crypto. I think that any serious patch
we sent would have a good chance of inclusion.


No, he is 100% correct. Vendors "adding value" to security software 
when they lack basic code comprehension skills is simply dangerous to
their users. It is surprising that this should be controversial.


Congratulations, you have just demonstrated youself to be the same
category of incomprehension as the Debian developers.

-d
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Debian libssl security (OpenSSH safe?), Juan Miscaro, (Tue May 13, 11:37 am)
Re: Debian libssl security (OpenSSH safe?), Sean Malloy, (Tue May 13, 12:14 pm)
Re: Debian libssl security (OpenSSH safe?), Gabriel Linder, (Wed May 14, 3:41 am)
Re: Debian libssl security (OpenSSH safe?), Otto Moerbeek, (Wed May 14, 7:22 am)
Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 7:24 am)
Re: Debian libssl security (OpenSSH safe?), raven, (Wed May 14, 7:45 pm)
Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Wed May 14, 8:22 pm)
Re: Debian libssl security (OpenSSH safe?), Ben Calvert, (Wed May 14, 8:30 pm)
Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 10:22 pm)
Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Wed May 14, 10:43 pm)
Re: Debian libssl security (OpenSSH safe?), Otto Moerbeek, (Thu May 15, 1:11 am)
Re: Debian libssl security (OpenSSH safe?), Dave Ewart, (Thu May 15, 5:02 am)
Re: Debian libssl security (OpenSSH safe?), Tim Post, (Thu May 15, 5:44 am)
Re: Debian libssl security (OpenSSH safe?), Darrin Chandler, (Thu May 15, 9:31 am)
Re: Debian libssl security (OpenSSH safe?), Tim Post, (Fri May 16, 2:51 am)
Re: Debian libssl security (OpenSSH safe?), Ted Unangst, (Wed May 14, 11:10 pm)
Re: Debian libssl security (OpenSSH safe?), Jussi Peltola, (Wed May 14, 8:53 pm)
Re: Debian libssl security (OpenSSH safe?), Douglas A. Tutty, (Thu May 15, 9:52 am)
Re: Debian libssl security (OpenSSH safe?), Marc Espie, (Tue May 13, 1:00 pm)
Re: More details show that someone seriously fucked up in de..., Damien Miller, (Thu May 15, 2:05 pm)
speck-geostationary