Here's a smoking gun OpenSSL developer mailing list thread. Already linked above actually...
http://marc.info/?t=114651088900003&r=1&w=2
I don't know if anyone in that conversation "represents" OpenSSL in some sense, but there was
plenty of opportunity for anyone, even an interested bystander, to interject "that is a
terrible idea" and no-one did.
Posted May 13, 2008 19:50 UTC (Tue) by nix (subscriber, #2304)
Apparently that's a list for people developing apps *with* openssl, and
the openssl devs don't all read it.
(If so, well done openssl: not only is your code an uncommented
stylistically awful dog's dinner, your mailing lists also have
ridiculously misleading names. There's a reason I encourage GnuTLS use
over OpenSSL wherever possible, and it's not the license...)
Cryptographic weakness on Debian systems
Posted May 13, 2008 19:57 UTC (Tue) by jake (editor, #205)
> Apparently that's a list for people developing apps *with* openssl, and the openssl devs don't all read it.
Discussions on development of the OpenSSL library. Not for application development questions!
So it would seem like a reasonable place to ask questions of that nature.
jake
Cryptographic weakness on Debian systems
Posted May 13, 2008 20:16 UTC (Tue) by dark (subscriber, #8483)
The README distributed with openssl also says to submit patches to
openssl-dev. And the FAQ on openssl.org ("How can I contact the OpenSSL
developers?") says to look in the README.
Cryptographic weakness on Debian systems
Posted May 14, 2008 0:42 UTC (Wed) by nix (subscriber, #2304)
OK, I'll go and be quiet in the corner for not fact-checking before
burbling. Apologies.
Cryptographic weakness on Debian systems
Posted May 14, 2008 23:54 UTC (Wed) by cortana (subscriber, #24596)
Well, don't feel so bad. The OpenSSL developers didn't bother fact-checking either. ;)
Cryptographic weakness on Debian systems
Posted May 15, 2008 4:20 UTC (Thu) by ajf (subscriber, #10844)
If a member of the OpenSSL team got it wrong, you can hardly blame yourself for believing him.