[tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
tpb-crypto at laposte.net
tpb-crypto at laposte.net
Fri Apr 11 08:06:56 PDT 2014
> Message du 11/04/14 15:38
> De : "Cathal Garvey (Phone)"
> It'd be hard to hide an insertion if the devs all dig into the hashes of commits of their own local repos and compare, right? Even a broken hash would require changing input, so they could go an extra step and verify each commit using another hash algo, if they were feeling super-paranoid.
>
> I'm still on the fence: this is the kind of error C is infamous for after all.
>
Right, it is highly unlikely but not impossible, maybe the devs have copies and are digging through it. Which also won't exclude that Segelmann's PC itself was hacked in and the code modified after he e-mailed someone about having his job concluded and was delivering the goods.
Considering that the tinfoilers were right all along during an entire decade, I'm also on the fence with this.
More information about the cypherpunks
mailing list