cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
Re: [Cacert-sysadm] openSSL/debian debacle -> random numbers for Security Manual
- From: Philipp Gühring <pg AT futureware.at>
- To: cacert-sysadm AT lists.cacert.org
- Subject: Re: [Cacert-sysadm] openSSL/debian debacle -> random numbers for Security Manual
- Date: Fri, 30 May 2008 17:28:39 +0200
- List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
- List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>
- Organization: Futureware 2001
Hi,
> Agree with Pat. It was a stupidity of Debian distro commenting out and
> decreasing the quality of key generation below acceptable level (and the
> belief of engineers around the person who did it that he was doing ok :-(
> ). The problem is: does one believe a distribution? (OpenSSL as such was not
> failing).
I would say that the quality control inside OpenSSL failed.
> It is risk management nothing more.
It's missing quality control.
> Answer probably to my
> question is yes: Debian is accepted and qualified and the world used
> experts to control it (and we will fail and learn).
> The question arises: which of the open source distros ("assemblies" of
> OSS) do quality assessment on themselves? (I guess that even probably e.g.
> IBM is not doing it?).
> Is it a failure that CAcert did not detect it?
Yes. We tested OpenSSL on SUSE for that problem (1-3 years ago), and decided
not to test OpenSSL on every distribution, on every processor architecture,
on every system configuration, with every minor version and patch,
hoping that testing OpenSSL itself would be enough.
(But it might be that we did the tests before OpenSSL introduced the bug.
I'll have to review the logs, when I have time for that)
Best regards,
Philipp Gühring