Re: Initialising OpenSSL more than once - how do we handle this?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 07/30/2018 12:52 PM, Jordan Brown wrote:

Because a zero-leaks policy is a lot easier to manage than having to make a judgement call on each leak whether or not it's important, and having to filter out "unimportant" leaks when you're trying to find out whether you've introduced any "important" leaks.

Maybe the test suite only caused the program to leak one buffer, but that doesn't tell you whether a real workload (or a malicious workload) will leak gigabytes.
-- 
Jordan Brown, Oracle Solaris

^^^ this

So much has changed in programming culture over the decades for me to be able to call it "engineering" any more.  Too much code equivalents of duct tape, chewing gum, and kite string holding things together out there and so many consider that normal and ok.  I never thought I'd see the day that someone would have to defend not leaking memory in pivotal security code like openssl however
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux