https://research.swtch.com/openssl provides more context: openssl was asked abou... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		aragilar 89 days ago \| parent \| context \| favorite \| on: Why does Debian change software? https://research.swtch.com/openssl provides more context: openssl was asked about the change, and seemingly approved it (whether everyone understood what was being approved is a different question). It's not clear why openssl never adopted the patch (was everyone else just lucky?), but I wonder what the reaction would have been if the patch had been applied (or the lines hidden away by a build switch).

nullc 89 days ago [–]

> It's not clear why openssl never adopted the patch

OpenSSL already had an option to safely disable the bad behavior, -DPURIFY.

aragilar 88 days ago | [–]

In one of two cases I believe? I wonder what would have happened if both calls ended up being wrapped, if the bug would have taken even longer than it did to be found...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact