[PLUG] Alarming Open-Source Security Holes (MIT Technology Review, Debian/Ubuntu SSH Key sec. hole)

Santosh Dawara sdawara at gmail.com
Wed May 28 17:56:56 IST 2008


Also see, "Vendors are bad for Security"

-- Quote --
/I’ve ranted about this at length before, I’m sure - even in print, in 
O’Reilly’s Open Sources 2. But now Debian have proved me right (again) 
beyond my wildest expectations. Two years ago, they “fixed” a “problem” 
in OpenSSL reported by valgrind[1] by *removing any possibility of 
adding any entropy to OpenSSL’s pool of randomness[2]*./

- Santosh

Santosh Dawara
visit me at http://www.sukshma.net
