On Tue, Jun 4, 2013 at 3:04 AM, Stuart Jansen <[email protected]> wrote:
> On Mon, 2013-06-03 at 23:21 -0500, S. Dale Morrey wrote: > > More eyes don't always squash bugs. I seem to remember a problem with > > OpenSSL awhile ago where someone was initializing a pointer to 0 or > > something when it was supposed to be there as a random value. Ended up > > causing a major exploit and a huge mess. More eyes would cause political > > pressure to decide one way or the other. > > Bad example. You're citing the case were a Debian developer blindly > silenced a compiler warning without understanding the actual code. In > other words, it only affected Debian and its downstreams. There are many > eyes on upstream OpenSSL, few on distro-specific changes. > > However, I do agree that "More eyes don't always squash bugs." > > These are clearly the exception and not the rule in my mind. Surely members of a local LUG aren't suggesting we close source our applications to protect it from mistakes! :-) /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
