The Debian OpenSSL disaster
Unfortunately, it is much cheaper in the short term simply to treat the most damaging symptoms of bad software engineering than it is to address the underlying problems and causes. However, in the long run, this leads to huge amounts of time spent by end users applying patches and updates and developers needing to address the same problems repeatedly.
The good news is that many of the solutions to these problems are not that expensive, and most require little if any technology to implement.
Simply commenting code, documenting communications channels, and asking questions clearly – with as much context as possible – will go a long way. Also, it's important to remember that open source isn't just about access to source code, but access to the very culture that writes the source code, which means everyone has the chance to help make it that much better.
- DSA-1571-1 openssl: http://www.debian.org/security/2008/dsa-1571
- Key rollover: http://www.debian.org/security/key-rollover/
- SSLkeys: http://wiki.debian.org/SSLkeys
- OpenSSL bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516
Buy this article as PDF
Customers can take a free test drive of SLES for HPC on the Azure Cloud
San Francisco-based chip company announces their first fully open source chip platform.
The whole distro gets rebuilt on glibc 2.3
Ubuntu Vendor tries to solve app packaging and distribution problem across distributions.
Founder of ownCloud launches the Nextcloud project.
Will The Machine change the way future programmers think about memory?
The new Torus distributed storage system is available under an open source license on GitHub
Juries decides Google’s use of Java APIs Was Fair Use
But if you are not using the latest Linux kernel, your system is insecure.
Home routers will give room for custom firmware but still comply with FCC rules