Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Debian Bug Leaves Private SSL/SSH Keys Guessable

narfbot Re:OSS, only as good as the last developer? (670 comments)

But the point here is that the freedom that OSS gives you does require you to trust the whole distribution chain. In this case there was an added muppet who did something they shouldn't have thus rendering everything downstream insecure. OSS is great but it required great developers, given that it has take well over a year to get the advisory out it shows that the many eyes piece didn't work here, mainly because the eyes were looking at the original source not the botched packaging job.
This is actually the number one reason I use slackware. Every package gets built by one guy. And if anything, it's easy to trust one guy. And he happens to be the one with the most experience at making packages. Not only that, his philosophy is to provide pristine packages from its source as far as possible. No worries of changes to these packages except critical bug fixes, and these are usually the kind that go upstream anyway.

Frankly, I'm not surprised that this occurred in Debian. I have seen how they package before. Usually that have the original source and one giant make-package-debian-centric diff file that would be insanely hard to audit -- correct me if I'm wrong -- at least for anyone outside debian or did not build the package in the first place.

more than 6 years ago

Submissions

narfbot hasn't submitted any stories.

Journals

narfbot has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>