Jan Luehr wrote:
However, I'm curious: [how] could this happen?
This is the best explanation I've seen so far :
http://it.slashdot.org/comments.pl?sid=551636&cid=23392602
I have no idea if it's correct, but it sounds very plausible.
If there was any mistake it may have been to try too hard to get a
warning-free run from valgrind.
Contrary to some reports that Debian should have discussed the proposed
faulty fix with the OpenSSL devs in 2006, note that the Debian developer
involved *did* try to discuss the proposed changes with the OpenSSL
devs, and was not warned against the idea :
http://marc.info/?t=114651088900003&r=1&w=2
As the /. post says, "Hats off to the reviewer who picked up on the
problem".
Cheers,
Nick Boyce
--
Leave the Olympics in Greece, where they belong.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
