Re: making Debian secure by default
On Mon, 01 Apr 2024 13:50:22 -0500
John Hasler <john@sugarbit.com> wrote:
> Joe writes:
> > I think this was amply demonstrated by Heartbleed, where the
> > offending code was examined by *one* other pair of eyes, before
> > approval was granted for inclusion in OpenSSL.
>
> The "many eyes" phase comes after release.
Which didn't happen, at least not for two years.
I would suggest that for any software as critical as OpenSSL, more than
one pair of eyes would have been appropriate *before* release.
--
Joe