Full Disclosure mailing list archives
Re: possible backdoor in OpenSSL X509 verification
From: Ben Laurie <ben () links org>
Date: Fri, 6 Sep 2013 19:33:16 +0100
On 6 September 2013 19:22, Jeffrey Walton <noloader () gmail com> wrote:
I've tried to get the Foundation to address these problems with policy ("everything must have positive and negative test cases"). No one really cared. Then I tried to get them to address it by accepting my negative test cases (which broke things in practice). No one really cared. Until the project improves their engineering process, things won't change.
I'm finding git pull requests way easier to deal with than all previous known mechanisms for contributing. I care a lot about testing, but like the "one full time developer" I'm also busy - and mostly not with OpenSSL. Anyway, give it a try.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- possible backdoor in OpenSSL X509 verification Arnis (Sep 06)
- Re: possible backdoor in OpenSSL X509 verification Jeffrey Walton (Sep 06)
- Re: possible backdoor in OpenSSL X509 verification Ben Laurie (Sep 06)
- Re: possible backdoor in OpenSSL X509 verification Jeffrey Walton (Sep 06)