* Ross Cameron <[EMAIL PROTECTED]> [2008-05-16 14:30:39]: > Mmmmmmm this isn't the first time I've heard of bogus reports from Valgrind. > How does one politely inform the Debian project to not trust it explicitly > and to human audit anything it flags? > > On Fri, May 16, 2008 at 1:41 PM, Otto Moerbeek <[EMAIL PROTECTED]> wrote: > > > On Fri, May 16, 2008 at 01:31:54PM +0200, Ross Cameron wrote: > > > > > Anyone got any thoughts on what the Debian project has been doing to > > OpenSSL > > > to have caused this in the first place? > > > > yes, read the stuff posted earlier, it contains all relevant links. To > > summarize, to silence a bogus valgrind warning, almost all seeding of > > the PRNG used by openssl was removed. > > > > -Otto > >
They probably have figured it out. This is a pretty big screw-up--it was in the tree since September 2006. You don't do something this bad and not learn from it =). -- Travers Buda
