[arch-general] New Google Group for discussion and notices on Arch security.
Jeffrey 'jf' Lim
jfs.world at gmail.com
Fri Jun 18 03:01:46 EDT 2010
On Fri, Jun 18, 2010 at 2:33 PM, Andres P <aepd87 at gmail.com> wrote:
> On Fri, Jun 18, 2010 at 1:18 AM, Jeffrey 'jf' Lim <jfs.world at gmail.com> wrote:
>>
>> ah yes, SSL! sorry :)
>>
>
> On 2006-05-01 22:34:12, Ulf Möller, openssl developer [1], responded
> [2] to openssl packager Kurt Roeckx [3] saying that he was for
> applying the patch just to keep valgrind quiet.
>
cool. I wasnt aware of that. I was aware that there was some form of
silence regarding what to do. But as for actually saying ok... hm.
Agree with the point about making sense to defer to upstream for the
final word.
-jf
> But openssl doesn't like to talk about that, and neither does slashdot
> for that matter.
>
> For a distro packager, the maximum authority regarding what to do with
> a given piece of software is upstream and common sense.
>
> If upstream says it's a ok, then common sense takes a backseat during
> technical discussions.
>
> Not to mention that initializing variables like that is undefined and
> bound to *always* cause confusion.
>
> Andres P
>
> [1] http://openssl.org/about
> [2] http://marc.info/?l=openssl-dev&m=114652287210110&w=2
> [3] http://qa.debian.org/developer.php?login=kurt@roeckx.be
>
More information about the arch-general
mailing list