Re: Debian libssl security (Cause???)

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Ted Unangst <ted.unangst@...>

To: <ross.cameron@...>

Cc: Otto Moerbeek <otto@...>, <misc@...>

Subject: Re: Debian libssl security (Cause???)

Date: Friday, May 16, 2008 - 4:02 pm

On 5/16/08, Ross Cameron <ross.cameron@linuxpro.co.za> wrote:
quoted text> Mmmmmmm this isn't the first time I've heard of bogus reports from Valgrind.
>  How does one politely inform the Debian project to not trust it explicitly
>  and to human audit anything it flags?

I think people are placing too much blame on valgrind.  valgrind
doesn't tell you "Delete this line of code."  It says "You are using
uninitialized memory here."  The correct fix is to initialize the
memory, not delete the line of code.  It's not about trusting or not
trusting the tool; it's about responding correctly.

I've seen innocuous valgrind reports, but never wrong ones.  I also
saw a valgrind report ignored as innocuous because it didn't seem to
cause trouble, only to be the root cause of a problem that cost a
minimum of $50,000 to resolve later.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Debian libssl security (Cause???), Ross Cameron, (Fri May 16, 7:31 am)

Re: Debian libssl security (Cause???), Otto Moerbeek, (Fri May 16, 7:41 am)

Re: Debian libssl security (Cause???), Ross Cameron, (Fri May 16, 8:30 am)

Re: Debian libssl security (Cause???), Ted Unangst, (Fri May 16, 4:02 pm)

Re: Debian libssl security (Cause???), Otto Moerbeek, (Sat May 17, 2:36 am)

Re: Debian libssl security (Cause???), Tim Post, (Sat May 17, 3:12 am)

Re: Debian libssl security (Cause???), Travers Buda, (Fri May 16, 2:33 pm)

Re: Debian libssl security (Cause???), mcb, inc., (Fri May 16, 3:06 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
Greg Kroah-Hartman	[PATCH 001/196] Chinese: Add the known_regression URI to the HOWTO
Tarkan Erimer	Re: Slow DOWN, please!!!
git:
Kevin Ballard	Re: git on MacOSX and files with decomposed utf-8 file names
Jakub Narebski	Re: VCS comparison table
David	User's mailing list? And multiple cherry pick
Ken Pratt	pack operation is thrashing my server
linux-netdev:
Gerrit Renker	[PATCH 03/37] dccp: List management for new feature negotiation
Jiri Olsa	[PATCH] net: fix race in the receive/select
Jarek Poplawski	[PATCH take 2] pkt_sched: Protect gen estimators under est_lock.
Rick Jones	Re: RFC: Nagle latency tuning
openbsd-misc:
Richard Stallman	Real men don't attack straw men
list-obsd-misc	Re: low-MHz server
Luca Corti	Re: About Xen: maybe a reiterative question but ..
Jerome Santos	sshd.config and AllowUsers

Latest forum posts


sata_via causes emask timeout	3 hours ago	Linux kernel
KernelTrap: No Updates Into September, New Theme	2 days ago	KernelTrap Changes and News
spi uart interface	2 days ago	Linux kernel
problem in Signals	6 days ago	Linux general
How would someone compile a 2.2.x kernel on a relatively modern system?	1 week ago	Linux kernel
Modems - GSM PPP fail to get IP address	1 week ago	Applications and Utilities
Who or what is Linus Torvalds?	1 week ago	Linux general
ethernet got wierd after 2.6.29	1 week ago	Linux kernel
ATA error messages and pata_sch module	1 week ago	Linux kernel
windows folder creation surprise	2 weeks ago	Windows

Show all forums...

Recent Tags

more tags

Colocation donated by:

Online users

Syndicate