[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] possible backdoor in OpenSSL X509 verification

To: Jeffrey Walton <noloader@xxxxxxxxx>
Subject: Re: [Full-disclosure] possible backdoor in OpenSSL X509 verification
From: Ben Laurie <ben@xxxxxxxxx>
Date: Fri, 6 Sep 2013 19:33:16 +0100

On 6 September 2013 19:22, Jeffrey Walton <noloader@xxxxxxxxx> wrote:

> I've tried to get the Foundation to address these problems with policy
> ("everything must have positive and negative test cases"). No one
> really cared. Then I tried to get them to address it by accepting my
> negative test cases (which broke things in practice). No one really
> cared. Until the project improves their engineering process, things
> won't change.
>

I'm finding git pull requests way easier to deal with than all previous
known mechanisms for contributing. I care a lot about testing, but like the
"one full time developer" I'm also busy - and mostly not with OpenSSL.
Anyway, give it a try.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] possible backdoor in OpenSSL X509 verification
  - From: Arnis
- Re: [Full-disclosure] possible backdoor in OpenSSL X509 verification
  - From: Jeffrey Walton

Prev by Date: Re: [Full-disclosure] possible backdoor in OpenSSL X509 verification
Next by Date: [Full-disclosure] [CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities
Previous by thread: Re: [Full-disclosure] possible backdoor in OpenSSL X509 verification
Next by thread: [Full-disclosure] TWSL2013-027: Multiple Vulnerabilities in AjaXplorer
Index(es):
- Date
- Thread