Debian, OpenSSL, and a lack of cooperation

Posted May 22, 2008 6:10 UTC (Thu) by ketilmalde (guest, #18719)
In reply to: Debian, OpenSSL, and a lack of cooperation by melo@simplicidade.org
Parent article: Debian, OpenSSL, and a lack of cooperation

The second best writeup. The best one is definitely the one at xkcd.


Debian, OpenSSL, and a lack of cooperation

Posted Mar 23, 2011 5:31 UTC (Wed) by cce_ (guest, #73808)

There's a much better technical writeup of exactly what Kurt Roeckx got wrong by Gergely Risko. He didn't just comment out a couple of lines because they told him it was okay.

He ignored working -DPURIFY #ifdefs (and advice that they worked, and to use them) that could've easily solved his problem. Then he commented out code that wasn't part of his problem (and wasn't surrounded by #ifdef PURIFY, a clear signal that it was a dicey idea) out of sheer ignorance.

The guy had no idea what the code he was editing actually DID, and had no business editing OpenSSL without telling anyone. He notified no one on the OpenSSL list that he was about to commit changes that would affect the security of millions of computers.

Read the thread yourself; they gave him good advice (try -DPURIFY) and he ignored it, then never followed up to show them the patch he recklessly committed. The level of negligence and hubris he showed is nearly criminal.

And even worse, Debian never kicked him off his position maintaining OpenSSL; he continues to maintain it today. In 2009 he was appointed Debian Secretary and he was re-appointed in February 2011. Is this how Debian rewards incompetence? I suppose he meant well.

Debian, OpenSSL, and a lack of cooperation

Posted Apr 20, 2011 9:43 UTC (Wed) by nix (subscriber, #2304)

Wow. Thy cup of bitterness runneth over?


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds