Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
On Wed, 16 Apr 2014 08:48:01 -0600
Paul E Condon <firstname.lastname@example.org> wrote:
> On 20140416_0823+0000, Curt wrote:
> > On 2014-04-16, Slavko <email@example.com> wrote:
> > Robin Seggelmann introduced the bug:
> > >From the Sydney Morning Herald:
> > Dr Seggelmann, of Münster in Germany, said the bug which
> > introduced the flaw was "unfortunately" missed by him and a
> > reviewer when it was introduced into the open source OpenSSL
> > encryption protocol over two years ago.
> > Only four eyes?
> This is a silly rhetorical question.
> How many 'eyes' are appropriate for a last, final look?
> Many, many eyes had surely already looked at the same code before
> this final look.
I'd feel a lot better with 200 eyes than 4. Even 10 would make me
But the fault is partly mine. I never contributed to the OpenSSL
project, either with dollars or eyes.
Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance