Darksoul71: "Due to the sheer amount of code for the Kernel itself, all
applications used and all the libs included it is close to impossible to
validate code for possible implemented weaknesses / back doors."
Yes. It seems many eyes saw the Debian bug, but that was not the end of it,
it still became a massive mess in spite of the "awareness".
http://marc.info/?l=openssl-dev&m=114651085826293&w=2
Mr. Roeckx was known.
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x41DC1C907244970B and
later http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2064C53641C25E5D
There is the idea that transparency or openness offers an automatic type
purity or security to the code so much better than proprietary software, and
that may be true...or should be true. However when errors are missed or
minimized because of the assumption that so many eyes see the code that
"someone else" will look into it, that is a problem. If too many people think
along those lines, "nobody" is looking at the code, you know.