-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 04/11/2014 06:07 AM, tpb-crypto@laposte.net wrote:
It could have been inserted into the OpenSSL repository through a backdoor... or why would the spies by so interested in hacking professors that deal with crypto and whose word is trusted by the masses? Like they did to a Belgian
It may be possible that Segelmann did his job correctly, that the reviewer did his job correctly, but someone unknown may have changed it just a
For just that reason, perhaps? Because they're experts, the work and word of whom are trusted? That would be the first place I'd expect most people to look last. little bit
before delivery. What ya fellow coders think?
The timing of the commit in question is most interesting, indeed: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c508216... ...the date and time of the year when people are least likely to be sitting at their computers watching for and reviewing commits. Only better time would probably have been at 2359 hours UTC. - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ WWPMD? (What Would Paul Muad'dib Do?) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREKAAYFAlNIIKYACgkQO9j/K4B7F8F3jwCgke6jqiBTm7DQrQrq7OyeEnD2 zEgAn155/V3TLOKjhlSI8X/gg65+gP84 =mCzP -----END PGP SIGNATURE-----