From: Alan Browne
Date: Sat, 19 Apr 2014 15:12:42 -0400
Newsgroups: comp.lang.ada
Subject: Re: OpenSSL development (Heartbleed)
Message-ID: <3ZSdnd4A49AxV8_OnZ2dnUVZ_qSdnZ2d@giganews.com>

On 2014.04.19, 12:42 , Georg Bauhaus wrote:
> On 19/04/14 18:06, Alan Browne wrote:
>> On 2014.04.19, 11:36 , Georg Bauhaus wrote:
>>
>>> In between, reports of booing, bemoaning, and demanding; journalist
>>> tries to establish a scapegoat (OpenSSL users don't fund!).
>>> No proof, no clear indication of causation, but alluding in style.
>>> By saying that OpenSSL is not a well funded project, she obviously
>>> tries to imply that this is (a) true in effect, and (b) that funding
>>> prevents bugs. (a): most of OpenSSL does exist only after work
>>> of paid employees. (b): See bugs discovered at the same time in well
>>> funded MS Word and MS Outlook projects, of similar reach.
>>
>> And how does that make you feel?
>
> Depends. Sometimes I feel that industry should rid itself of
> its dependence on so few suppliers of an ever increasing number
> of "industry standards", open source or not, and on
> PR style people. Some things are just too important for healthy
> living, both at work and at home. So important that these things
> should be exempt from being nothing but a business opportunity.

I think so too.

IMO interchange on intra/internets should be formal standards based.
Those standards should be done in the same manner as aerospace and
defense s/w. It's okay if a pool of companies create the company that
does so - but the sole source of release should be that company.

>> Please see this as well:
>>
>> http://bits.blogs.nytimes.com/2014/04/18/openssl-and-linux-a-tale-of-two-open-source-projects/?action=click&contentCollection=Technology&module=RelatedCoverage&region=Marginalia&pgtype=article
>>
>
> Same thing...

No.

Where OpenSSL is underfunded and has a population of maybe 4
programmers dedicated to it (the guy who created the bug not being one
of the 4) released an important security breach upon the masses;

Contrast with OpenSourced Linux which has a well (corporate) funded
organization and has a lot more eyeballs on the code and hasn't (Linux
itself) suffered any major or embarrassing problems.

That was the point of the article.

--
"Big data can reduce anything to a single number, but you shouldn’t
be fooled by the appearance of exactitude."
-Gary Marcus and Ernest Davis, NYT, 2014.04.07