[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)



On Wed, 16 Apr 2014 08:48:01 -0600
Paul E Condon <pecondon@mesanetworks.net> wrote:

> On 20140416_0823+0000, Curt wrote:
> > On 2014-04-16, Slavko <slavino@slavino.sk> wrote:

> > Robin Seggelmann introduced the bug:
> > 
> > >From the Sydney Morning Herald:
> > 
> >  Dr Seggelmann, of Münster in Germany, said the bug which
> > introduced the flaw was "unfortunately" missed by him and a
> > reviewer when it was introduced into the open source OpenSSL
> > encryption protocol over two years ago.
> > 
> > Only four eyes?
> 
> This is a silly rhetorical question. 
> How many 'eyes' are appropriate for a last, final look?
> Many, many eyes had surely already looked at the same code before
> this final look. 

I'd feel a lot better with 200 eyes than 4. Even 10 would make me
nervous.

But the fault is partly mine. I never contributed to the OpenSSL
project, either with dollars or eyes.

SteveT

Steve Litt                *  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance


Reply to: