[Cryptech Tech] http://opensslrampage.org/

Joachim Strömbergson joachim at secworks.se
Tue May 6 06:43:14 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aloha!

Russ Housley wrote:
> I am really surprised by some of the bugs that are being discussed. 
> The write-up on some of the code commits is really funny.

It really is an eye opener and the OpenSSL is an abyss into the realm of
cthulhu. The OpenSSL developers really don't seem to have cared at all
about fixing problems, but only to add new features. Not using any type
of dev methodology and no life cycle thinking at all.

Having a fix in place for a bug in a defunct cc of a defunct OS
(ultrix), a fix that still affects all other systems is not good policy.
And in 2014 running your own malloc because some systems 10+ years ago
had performance problems is not a good thing either. Esp since the home
made malloc has not been tested properly and contains bugs.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJTaISCAAoJEF3cfFQkIuyNq8kP/3rvRohMkx0JemFB/ZvKR5rd
Q+mfKiQ7BLi572DCuiQg9a03eE5WnkL7mTJF69cNdjA6FxjfIBuCbvRexiYxFErg
SUiyUH0ACa+pcydI0e1LFEro+nzAGjxWCrjZEqwIWxEap5pYRa39Ew3PNCkps9Ec
rjR8FiLyKz/WIoIuDgjq96TVw1SM3OeILIALbFNDRiIIDlUDEEH4vKWWrf4ThWqK
k/u0QY46onnJ0Dg93cXaZg5UvNhtwE6af/eaGd20yvoqdC9gYwMOk4qFiSGX0cLG
ymND7r48tmC0Rf2zdkE8mD0dr/5t/OXlYLpqNzVQJjJhz5iLRkZGYbxDVaimGE/C
5BbYSU1FHckTL5pqzjkw3Xm5iRTzk/3Mhewpbw5iRqO7iz9t9lzhVH4vgZcSUDd0
pAXazuGBA8m+vl/X/uWnSYXlIf5D0XLKlFYqpTaVrdCadmNNtlbrWNhkKqh/ikjW
z85P205falMGaRYMUjFEL2sp8Sykg0bbYD5UwWXVhBgib3mk6HHcC8TgHxpAvj8M
Zh9no5qm4sGilkTeC6F7tM09+LeVcGEEAJaLLrbvRl0krz14FKkHXNeI578JqoMq
d4I7PCrEc2PCCvY7Hvsp9vYx88SkeDq6FmDeJ9LEBj2RLeNe1Y/8CMUs9bae+hRo
0vkVyV94sTn5cfdUeeks
=+sA2
-----END PGP SIGNATURE-----


More information about the Tech mailing list