Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)
On Wed, 16 Apr 2014 08:48:01 -0600
Paul E Condon <pecondon@mesanetworks.net> wrote:
> On 20140416_0823+0000, Curt wrote:
> > On 2014-04-16, Slavko <slavino@slavino.sk> wrote:
> > Robin Seggelmann introduced the bug:
> >
> > From the Sydney Morning Herald:
> >
> > Dr Seggelmann, of Münster in Germany, said the bug which
> > introduced the flaw was "unfortunately" missed by him and a
> > reviewer when it was introduced into the open source OpenSSL
> > encryption protocol over two years ago.
> >
> > Only four eyes?
>
> This is a silly rhetorical question.
> How many 'eyes' are appropriate for a last, final look?
> Many, many eyes had surely already looked at the same code before
> this final look.

I'd feel a lot better with 200 eyes than 4. Even 10 would make me
nervous.

But the fault is partly mine. I never contributed to the OpenSSL
project, either with dollars or eyes.

SteveT
Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance