On 14 Apr 2014 04:13, "Gideon Guillen" <[email protected]> wrote: > > > On Apr 13, 2014 4:22 AM, "Rogelio Serrano" <[email protected]> wrote: > > > > > > On 12 Apr 2014 20:48, "fooler mail" <[email protected]> wrote: > > > > > > you don't get it also.... plan B is to deny that is not intentional > > > > He put it there on purpose? Where is that coming from? The guy apologised! > > Well given there are already news that the NSA exploited the bug, even though they denied it. Of course the if this guy was paid by the NSA to insert this "backdoor", he will never, ever admit it. > > That's why for stuff like OpenSSL, they need to change the process for accepting patches, probably two or three levels of approval. And there should be a regular code audit by a very reliable third party. >
Funding is flooding in and many businesses are now doing an audit Including mine. The openssl mailing list is where information is being shared. No need for reliable third party. Funny how many people ask me why toy software is so widespread in critical infra! Yeah why is that? > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
