Debian, OpenSSL, and a lack of cooperation
Posted Mar 23, 2011 5:31 UTC (Wed) by cce_
In reply to: Debian, OpenSSL, and a lack of cooperation
Parent article: Debian, OpenSSL, and a lack of cooperation
There's a much better technical writeup of exactly what Kurt Roeckx got wrong by Gergely Risko. He didn't just comment out a couple of lines because they told him it was okay.
He ignored working -DPURIFY #ifdefs (and advice that they worked, and to use them) that could've easily solved his problem. Then he commented out code that wasn't part of his problem (and wasn't surrounded by #ifdef PURIFY, a clear signal that it was a dicey idea) out of sheer ignorance.
The guy had no idea what the code he was editing actually DID, and had no business editing OpenSSL without telling anyone. He notified no one on the OpenSSL list that he was about to commit changes that would affect the security of millions of computers.
Read the thread yourself; they gave him good advice (try -DPURIFY) and he ignored it, then never followed up to show them the patch he recklessly committed. The level of negligence and hubris he showed is nearly criminal.
And even worse, Debian never kicked him off his position maintaining OpenSSL; he continues to maintain it today. In 2009 he was appointed Debian Secretary and he was re-appointed in February 2011. Is this how Debian rewards incompetence? I suppose he meant well.
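To make the distinction in the comment above concrete, here is an added toy model (not OpenSSL's code and not from the thread): a tiny entropy pool where the extra "whatever is on the stack" input is guarded by `#ifndef PURIFY`, so building with `-DPURIFY` silences the memory checker without touching the seeding path, versus the mistake of disabling the mixing routine itself, which silences the checker too but leaves every output identical regardless of seed. All names (`prng_add`, `keygen_with_purify_guard`, `keygen_with_mixing_removed`, `distinct_outputs`) are hypothetical, and the "uninitialized" bytes are a constant stand-in so the program is well-defined C.

```c
/* Toy model of a seeded entropy pool. Hypothetical code written for this
 * example; it is not OpenSSL and deliberately uses a trivial mixer. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_LEN 32

typedef struct { uint8_t pool[POOL_LEN]; } prng_t;

static void prng_init(prng_t *p) { memset(p, 0, sizeof *p); }

/* The mixing routine: every input, seed or otherwise, enters the pool here. */
static void prng_add(prng_t *p, const uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        p->pool[i % POOL_LEN] ^= buf[i];
}

/* The same routine with its mixing line commented out, the way the comment
 * describes: it no longer reads the buffer, so the checker is quiet, but it
 * also no longer mixes anything at all. */
static void prng_add_mixing_removed(prng_t *p, const uint8_t *buf, size_t len) {
    (void)p; (void)buf; (void)len;
    /* p->pool[i % POOL_LEN] ^= buf[i];   <- disabled */
}

/* Toy output function: FNV-1a over the pool, standing in for a real digest. */
static uint32_t prng_output(const prng_t *p) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < POOL_LEN; i++) { h ^= p->pool[i]; h *= 16777619u; }
    return h;
}

/* The "extra" input that upsets memory checkers. Real code fed an
 * uninitialized stack buffer; here a constant stand-in keeps the example
 * well-defined. Under -DPURIFY the input is skipped and nothing else changes. */
static void add_stack_leftovers(prng_t *p, void (*add)(prng_t *, const uint8_t *, size_t)) {
#ifndef PURIFY
    uint8_t leftovers[16];
    memset(leftovers, 0xA5, sizeof leftovers); /* stand-in for uninitialized bytes */
    add(p, leftovers, sizeof leftovers);
#else
    (void)p; (void)add;
#endif
}

/* Correct shape: only the questionable input is conditional; the seed is
 * always mixed, so different seeds give different output. */
uint32_t keygen_with_purify_guard(uint32_t seed) {
    prng_t p; prng_init(&p);
    add_stack_leftovers(&p, prng_add);
    prng_add(&p, (const uint8_t *)&seed, sizeof seed);
    return prng_output(&p);
}

/* The mistake: the mixer itself was gutted, so the seed never reaches the
 * pool and every caller gets the same output. */
uint32_t keygen_with_mixing_removed(uint32_t seed) {
    prng_t p; prng_init(&p);
    add_stack_leftovers(&p, prng_add_mixing_removed);
    prng_add_mixing_removed(&p, (const uint8_t *)&seed, sizeof seed);
    return prng_output(&p);
}

typedef uint32_t (*keygen_fn)(uint32_t);

/* Count distinct outputs over seeds 0..nseeds-1 (capped at 256 for the toy). */
size_t distinct_outputs(keygen_fn f, uint32_t nseeds) {
    uint32_t seen[256]; size_t n = 0;
    if (nseeds > 256) nseeds = 256;
    for (uint32_t s = 0; s < nseeds; s++) {
        uint32_t v = f(s); size_t k;
        for (k = 0; k < n; k++) if (seen[k] == v) break;
        if (k == n) seen[n++] = v;
    }
    return n;
}

int main(void) {
    printf("guarded by #ifndef PURIFY: %zu distinct outputs for 64 seeds\n",
           distinct_outputs(keygen_with_purify_guard, 64));
    printf("mixing removed:            %zu distinct outputs for 64 seeds\n",
           distinct_outputs(keygen_with_mixing_removed, 64));
    return 0;
}
```

Build it once plainly and once with `-DPURIFY`: the guarded version reports 64 distinct outputs either way, because the seed path is untouched, while the gutted version reports 1, which is the failure the thread's advice to "try -DPURIFY" would have avoided.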