[SystemSafety] OpenSSL Bug
Peter Bernard Ladkin
ladkin at rvs.uni-bielefeld.de
Mon Apr 14 22:56:44 CEST 2014
> On 14 Apr 2014, at 22:43, "Martin Pugh" <martin.pugh at blueyonder.co.uk> wrote:
>
> Comparing OpenSSL rev 1.0.1 f and g (fixed) .........
> This corrects an implementation error which didn't meet the requirement i.e. RFC6520 sec 4 as the comment says.
So you are saying that a specific requirement was unfulfilled by Rev 1.0.1f.
> All this argument about languages, type checking, array bounds checking etc is irrelevant in this particular instance.
How does that follow?
If the requirement would automatically have been fulfilled if a particular technology had been used, how can it follow that that technology is "irrelevant in this particular case"?
> I take my hat off to the open source community for their efforts.
Me too in general. But it's a problem that we can't seem to persuade them to use established high-reliability programming methods for code for which high reliability is essential.
PBL
Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20140414/f90caaf3/attachment.html>
More information about the systemsafety
mailing list