-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 04/11/2014 12:54 PM, rysiek wrote:
Dnia piÄ…tek, 11 kwietnia 2014 10:04:38 The Doctor pisze:
The timing of the commit in question is most interesting, indeed:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c508216
1b02a22116ad75f822b1
...the date and time of the year when people are least likely to be sitting at their computers watching for and reviewing commits. Only better time would probably have been at 2359 hours UTC.
Now I love my conspiracy theories just like the next guy and I definitely do not take sides (I am myself quite inclined to think this is not entirely an honest mistake), but...
...the kind of argument you make rings a bell: http://en.wikipedia.org/wiki/Anthropic_bias
I agree that this was the very best time for a commit so that nobody sees it/reviews it. Maybe this is why nobody has seen it nor reviewed it? As in, the very fact it is so does not prove that it was done at this time on purpose.
I agree that there is no proof that this bug was introduced on purpose and it might be a simple oversight (no matter what it looks like or could be). We have to keep in mind that one of the things spies do is sow suspicion and doubt - it's a powerful weapon! All these vulnerabilities we're finding in critical software /might just be/ mistakes and oversights. Or they might be deliberate attacks by the NSA/GCHQ. Part of the power these agencies wield is that /we'll likely never know/ and so we suspect...everyone. Everything. Cypher - -- Want to communicate with me privately? Find my PGP public key here: http://pgp.mit.edu/pks/lookup?op=get&search=0x5BAEB5B2FA26826B Fingerprint: 6728 40CE 35EE 0BF3 2E15 C7CC 5BAE B5B2 FA26 826B -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTSC4qAAoJEFuutbL6JoJrbIYQAJCMlCI7rpWZq/yUuVFZOmpW dO1QxMF1Gz0KA+MFBc5eiKzWsYbggY6jGfufiaWPDgV7fpmdirkz2enbEro6VFqN kOQded5v72g+cHDJjb4xcsK3J/k+RKeOxQxrNd8XeiqxGAqLlScDos+LGeOOee1f Dgefk/uQ1g/8O3sYz+uQhTyRWy+oEfSr1WUCvPYO1MiQcGt2BSC3S5RxMNKyj1XG so+pIKtrMJq842Rxl8OBJEAHpK7o4AnN9ealHpa6o+4nUR8C4WrN+T+rwnvpuZOI ujfWO6bEMfmGtNxOiZY3FfiJTLILrD4Ebiy28sJp6FkT53Kvvh7Bk4jdB5HJFSBh T4RzsOE5dEcGKIUrkA1W0Ct+SxZY167rFpKKzG4D95onN4EDHkZANm+bq24NxMf7 oB2rm6F1WCb5T2IRFzUiMln0brNGmp1jM9Y4jHRvc7Nsk+X9Xrq0lGoMKiWXqa2j XWQvgdQe3xPods/HRrEThHOJf9zg3YoxdeLmCJvUm459nHjiswOFSEobuYhbroFz Gx9fNyQxy2V2rCY8Yl7vE8qXp6L0S8pylZdeveyXrcKUc4jL3FOKYkEm5Exm9Rmg teI+NvbmUsO8AdEV3v70gvT6pjZr62gxWOjkbRX4LIHIq3eTZJ9+XyrVRGiLx+YU RNu3H/lUDe49yCmtd6O1 =8cIX -----END PGP SIGNATURE-----