May 19, 2008
LWN on the Debian SSL Key Issue

LWN has a nice article entitled Debian, OpenSSL, and a lack of cooperation.

Back in April 2006, a Debian user reported a problem using the OpenSSL library with valgrind, a tool that can check programs for memory access problems. It was reporting that OpenSSL was using uninitialized memory in parts of the random number generator (RNG) code. Using memory before it is initialized to a known value is a well known way to create hard-to-find bugs, so it is not surprising that the valgrind report caused some consternation.

Read the full thing, it's very interesting to see how it's maybe not a cut and dry issue of someone deleting something they shouldn't have.

Posted by Arcterex at May 19, 2008 01:01 PM