Re: making Debian secure by default

To: debian-user@lists.debian.org
Cc: john@sugarbit.com (John Hasler)
Subject: Re: making Debian secure by default
From: Joe <joe@jretrading.com>
Date: Mon, 1 Apr 2024 20:40:25 +0100
Message-id: <[🔎] 20240401204025.7c12dce7@jrenewsid.jretrading.com>
In-reply-to: <[🔎] 875xx0zzm9.fsf@sugarbit.com>
References: <CAD8GWssBoRrCzW0TSUGxMeuY=y_bTM-nMuSO7_4g1Kyk79fgqQ@mail.gmail.com> <ZgSljhflfCtsnnCq@mail.bitfolk.com> <CAD8GWsswLPH327tvj64HkWuMfayXczJyyviSk9Um2CAHHjoovg@mail.gmail.com> <ZgVw+HFmMseszOcm@mail.bitfolk.com> <ZgWLmLCjcOTqhk2a@wooledge.org> <slrnv0bba0.1hf.curty@einstein.electron.org> <Zgbx8L7m3k92QWzm@mail.bitfolk.com> <20240329172333.7439c34e@jrenewsid.jretrading.com> <[🔎] CAJmb-Y=M67E3PDrgzYkHt98gbzef5-0+2q2RubwhGurxkaH1-g@mail.gmail.com> <[🔎] ZgoRo7jKKXSEV7Ai@mail.bitfolk.com> <[🔎] 20240401134741.7a2ca89c@jrenewsid.jretrading.com> <[🔎] 875xx0zzm9.fsf@sugarbit.com>

On Mon, 01 Apr 2024 13:50:22 -0500
John Hasler <john@sugarbit.com> wrote:

> Joe writes:
> > I think this was amply demonstrated by Heartbleed, where the
> > offending code was examined by *one* other pair of eyes, before
> > approval was granted for inclusion in OpenSSL.  
> 
> The "many eyes" phase comes after release.

Which didn't happen, at least not for two years.

I would suggest that for any software as critical as OpenSSL, more than
one pair of eyes would have been appropriate *before* release.

-- 
Joe

Reply to:

Follow-Ups:
- Re: making Debian secure by default
  - From: John Hasler <john@sugarbit.com>

References:
- Re: making Debian secure by default
  - From: Nicholas Geovanis <nickgeovanis@gmail.com>
- Re: making Debian secure by default
  - From: Andy Smith <andy@strugglers.net>
- Re: making Debian secure by default
  - From: Joe <joe@jretrading.com>
- Re: making Debian secure by default
  - From: John Hasler <john@sugarbit.com>

Prev by Date: Re: making Debian secure by default
Next by Date: Re: making Debian secure by default
Previous by thread: Re: making Debian secure by default
Next by thread: Re: making Debian secure by default
Index(es):
- Date
- Thread