Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

To: debian-user@lists.debian.org
Subject: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
From: Paul E Condon <pecondon@mesanetworks.net>
Date: Wed, 16 Apr 2014 08:48:01 -0600
Message-id: <[🔎] 20140416144801.GA22471@big.lan.gnu>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] slrnlksfck.2e5.curty@einstein.electron.org>
References: <[🔎] 1397407039.609.61.camel@archlinux> <[🔎] 20140414030313.GA9681@tal> <[🔎] 534B8648.1000604@hardwarefreak.com> <[🔎] 20140414150113.GA23216@tal> <[🔎] CAH_OBid=t4+udRZctLB2PQMGZ4oiKCGoOiFKRFmWOcbbDFiK2g@mail.gmail.com> <[🔎] 20140415044417.GB4034@tal> <[🔎] CAH_OBic6Q=S4Zygi=2sRFsW3tMNenn7U6941m2ABkVfmEobWVw@mail.gmail.com> <[🔎] br5uujFskgsU2@mid.individual.net> <[🔎] 534E178E.1070505@slavino.sk> <[🔎] slrnlksfck.2e5.curty@einstein.electron.org>

On 20140416_0823+0000, Curt wrote:
> On 2014-04-16, Slavko <slavino@slavino.sk> wrote:
> >
> > If this vulnerability comes not from newbie and was made by intent,
> > thing are worse than wrong. Then it is an attack to alone fundamental of
> > the free/open software. And what community about this? Where are
> > information, from who this vulnerability arrived? It is experienced
> > expert or it is a novice? Contribute this person to another (especially
> > security) projects too? What this person tell about this? And more and
> > more another questions are left unanswered.
> 
> Robin Seggelmann introduced the bug:
> 
> >From the Sydney Morning Herald:
> 
>  Dr Seggelmann, of Münster in Germany, said the bug which introduced the
>  flaw was "unfortunately" missed by him and a reviewer when it was
>  introduced into the open source OpenSSL encryption protocol over two
>  years ago.
> 
> Only four eyes?

This is a silly rhetorical question. 
How many 'eyes' are appropriate for a last, final look?
Many, many eyes had surely already looked at the same code before
this final look. 

-- 
Paul E Condon           
pecondon@mesanetworks.net

Reply to:

Follow-Ups:
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Curt <curty@free.fr>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Steve Litt <slitt@troubleshooters.com>

References:
- Re: My fellow (Debian) Linux users ...
  - From: Ralf Mardorf <ralf.mardorf@rocketmail.com>
- Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Chris Bannister <cbannister@slingshot.co.nz>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Stan Hoeppner <stan@hardwarefreak.com>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Chris Bannister <cbannister@slingshot.co.nz>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: shawn wilson <ag4ve.us@gmail.com>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Chris Bannister <cbannister@slingshot.co.nz>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: shawn wilson <ag4ve.us@gmail.com>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Charles Kroeger <ckrogrr@frankensteinface.com>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Slavko <slavino@slavino.sk>
- Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
  - From: Curt <curty@free.fr>

Prev by Date: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
Next by Date: Repeatable apt-get WARNING: The following packages cannot be authenticated!
Previous by thread: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
Next by thread: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
Index(es):
- Date
- Thread