Darksoul71: "Due to the sheer amount of code for the Kernel itself, all applications used and all the libs included it is close to impossible to validate code for possible implemented weaknesses / back doors."

Yes. It seems many eyes saw the Debian bug, but that was not the end of it, it still became a massive mess in spite of the "awareness".

http://marc.info/?l=openssl-dev&m=114651085826293&w=2

Mr. Roeckx was known. http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x41DC1C907244970B and later http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2064C53641C25E5D

There is the idea that transparency or openness offers an automatic type purity or security to the code so much better than proprietary software, and that may be true...or should be true. However when errors are missed or minimized because of the assumption that so many eyes see the code that "someone else" will look into it, that is a problem. If too many people think along those lines, "nobody" is looking at the code, you know.


Reply via email to