Re: Re: [CentOS-announce] Impact of the Debian OpenSSL vulnerability




On Mon, May 19, 2008 at 3:53 PM, Johnny Hughes <johnny@xxxxxxxxxx> wrote:
> Les Mikesell wrote:
>> Does anyone know the point of the patch in the first place?  That is, why
>> would a distro-specific modification have been needed at all?  I don't
>> suspect an intentional compromise here but I'm curious about why anyone
>> would consider a non-standard change.
>>
>
> The change was added due to valgrind testing of openssh and warnings
> produced while compiling.
>
> The removal was discussed on the openssh-devel list.
>
> It was clearly an accident caused by trying to do the right thing.

And a miscommunication, it seems that the OpenSSL developers thought the patch
was just used for debugging purposes, while the Debian packagers
understood it as a confirmation that the patch was ok.

Errors do happen, even to the brightest of all developers. Though,
most bugs do not have such far-reaching consequences. The best thing
is to learn from it, and to move on.

Take care,
Daniel
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
