Debian SSL vulnerability: distribution patch issues
June 2nd, 2008

The 2008 random number weakness in Debian (Ubuntu, etc.) versions of OpenSSL resulted in an article by Jake Edge for LWN: Debian, OpenSSL, and a lack of cooperation, covering the responsibilities of upstream and packagers:
It is in the best interests of everyone, distributions, projects, and users, for changes made downstream to make their way back upstream. In order for that to work, there must be a commitment by downstream entities—typically distributions, but sometimes users—to push their changes upstream. By the same token, projects must actively encourage that kind of activity by helping patch proposals and proposers along. First and foremost, of course, it must be absolutely clear where such communications should take place.