While I agree that the OpenSSL code and procedures should have been documented better, I don't think enough attention is being given to the statement that Ben Laurie emphasizes: ** Never fix a bug you don’t understand. ** I would add that this especially applies to crypto code, and even more especially to crypto code in a widely-used crypto library -- a library that is widely used because people trust that library to get crypto right. As a longtime Debian user I'm embarrassed and saddened that Debian screwed this up so badly.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds