Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
On 20140416_0823+0000, Curt wrote:
> On 2014-04-16, Slavko <email@example.com> wrote:
> > If this vulnerability comes not from newbie and was made by intent,
> > thing are worse than wrong. Then it is an attack to alone fundamental of
> > the free/open software. And what community about this? Where are
> > information, from who this vulnerability arrived? It is experienced
> > expert or it is a novice? Contribute this person to another (especially
> > security) projects too? What this person tell about this? And more and
> > more another questions are left unanswered.
> Robin Seggelmann introduced the bug:
> >From the Sydney Morning Herald:
> Dr Seggelmann, of Münster in Germany, said the bug which introduced the
> flaw was "unfortunately" missed by him and a reviewer when it was
> introduced into the open source OpenSSL encryption protocol over two
> years ago.
> Only four eyes?
This is a silly rhetorical question.
How many 'eyes' are appropriate for a last, final look?
Many, many eyes had surely already looked at the same code before
this final look.
Paul E Condon