On Sat, May 24, 2008 at 8:18 AM, Raul Limos <[EMAIL PROTECTED]> wrote:
> Huge Hole in Open Source Software Found, Leaves Millions Vulnerable:
> http://www.dailytech.com/article.aspx?newsid=11869

Pretty old news (I've blogged this last week)[0] and pretty much exaggerates, by insinuating that the whole incident was a deliberate attempt to install a backdoor. FWIW Kurt Roeckx (the current maintainer of OpenSSL) is a longtime Debian developer, and although it's his bad to not actually show the patch that broke OpenSSL, I don't think it was deliberately left off with malice in mind.

Furthermore, it has been shown even in Ben Laurie's blog that there was no clear line of direct communication to the OpenSSL developers: they had an [EMAIL PROTECTED] address that would have allowed direct communication to upstream developers, yet this address was barely mentioned in source, or even on the website![1]

[0] http://blog.zakame.net/news/openssl-remote-dsa-1571
[1] http://advogato.org/person/branden/diary/5.html . To put that in perspective, Branden is a former Debian Project Leader.

-- 
Zak B. Elep || http://zakame.spunge.org
[EMAIL PROTECTED] || [EMAIL PROTECTED] || [EMAIL PROTECTED]
1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph