LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Debian, OpenSSL, and a lack of cooperation

Debian, OpenSSL, and a lack of cooperation

Posted May 17, 2008 10:45 UTC (Sat) by jch (guest, #51929)
Parent article: Debian, OpenSSL, and a lack of cooperation 

I think it is important to understand that whatever the problems of the OpenSSL development
team (and I agree there are quite a few), Roeckx did one very wrong thing.

Roeckx introduced a patch into the Debian package without first trying to get it included
upstream.  Trying to include your patch upstream will expose it to the many eyes that make
bugs shallow, and will give you useful feedback; after you've gone through that, and fully
understood why your patch was rejected, you can make an informed decision whether to include
it in your package.

It is unfortunate that many distribution maintainers (and Debian is far from being the worst
in that regard) find it easier, faster, cheaper to just include random hacks into their
packages without trying to push them upstream.

(Log in to post comments)

Debian, OpenSSL, and a lack of cooperation

Posted May 17, 2008 20:16 UTC (Sat) by jimparis (subscriber, #38647) [Link] 

He discussed it on openssl-dev and got a (weak) go-ahead from an openssl developer.  I don't
see this general trend you seem to be hinting at.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds