Re: Heartbleed


On Tue, 15 Apr 2014 22:32:26 -0500 Bill Wood
<william.wood3@comcast.net> wrote:

> I've been following this thread since it started, as well as some
> other Internet sites that have been mentioned, and I have noticed that
> everyone talks about the impact on the financial services sector but
> no one has mentioned the health care information sector.  I

Not everyone ;-) My bank had no problem with this, my hospital uses
standard papers...

I am talking about encryption and F/OSS in general, and I have my
privacy in mind. There are a lot of people in today's world who
say that they have nothing to hide. But I don't want to share my
privacy with others. I want my small home server to remain mine
(administration), and when I encrypt something, I want nobody to laugh
at me (and my public secrets). And I am talking about my fears of the
near future...

I expect that critical applications (openssl, gpg, ssh, gnutls, etc.)
will not contain these mistakes, and if something similar happens again
(because yes - mistakes happen), then discovering these mistakes will
not take years, but days or weeks...

I cannot contribute. I am not a crypto expert, nor a C expert (nor
an expert in any other language). I am a regular user (perhaps more
than regular, but in software usage), I have no spare money to sponsor
them. I can (and I do) contribute in other parts (translating, package
management, etc.), but I cannot help with code or code reviews.

Is it my mistake that I cannot help with this? Am I expecting a
lot? Do I need to switch to proprietary software (yes, I know, that is no

And there is one crucial question. There were Debian's patches, gnutls
mistakes, gnupg mistakes in recent years. Now there was an openssl problem.
The crucial question is: What will be next? What needs to happen in
order for things to change?

I am sorry that I am sharing my frustration...



