On Mon, 2013-06-03 at 23:21 -0500, S. Dale Morrey wrote: > More eyes don't always squash bugs. I seem to remember a problem with > OpenSSL awhile ago where someone was initializing a pointer to 0 or > something when it was supposed to be there as a random value. Ended up > causing a major exploit and a huge mess. More eyes would cause political > pressure to decide one way or the other.
Bad example. You're citing the case were a Debian developer blindly silenced a compiler warning without understanding the actual code. In other words, it only affected Debian and its downstreams. There are many eyes on upstream OpenSSL, few on distro-specific changes. However, I do agree that "More eyes don't always squash bugs." /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
