* Ross Cameron  [2008-05-16 14:30:39]:
> Mmmmmmm this isn't the first time I've heard of bogus reports from Valgrind.

quoted text
> How does one politely inform the Debian project to not trust it explicitly

> and to human audit anything it flags?

>

> On Fri, May 16, 2008 at 1:41 PM, Otto Moerbeek  wrote:

>

> > On Fri, May 16, 2008 at 01:31:54PM +0200, Ross Cameron wrote:

> >

> > > Anyone got any thoughts on what the Debian project has been doing to

> > OpenSSL

> > > to have caused this in the first place?

> >

> > yes, read the stuff posted earlier, it contains all relevant links. To

> > summarize, to silence a bogus valgrind warning, almost all seeding of

> > the PRNG used by openssl was removed.

> >

> >        -Otto

>

> 

They probably have figured it out.  This is a pretty big screw-up--it

was in the tree since September 2006.  You don't do something this

bad and not learn from it =).
--

Travers Buda