OpenSSL bug sparks new development

by
in code on (#3HX)
The Heartbleed bug has sparked new interest in cleaning up the OpenSSL code base. As evidenced by OpenBSD's CVS repository, the team has started removing old platform specific code, style inconsistencies, non-free hardware crypto engines, and dubious wrappers from the library. Perhaps the best side effect of the Heartbleed bug will be a much cleaner and more secure OpenSSL package.

Ed. note: So, is a catastrophic and highly public failure what it takes to catalyze action in some projects? And if so, which other projects are in need of some energizing disaster?

Update: The mentioned cleanup is taking place in the OpenBSD CVS repository. The official OpenSSL repository information can be found at http://www.openssl.org/source/repos.html

Re: You're not linking to the original OpenSSL repo (Score: 2, Interesting)

by nightsky30@pipedot.org on 2014-04-16 12:25 (#138)

Not sure where I saw it yesterday, but someone else made a similar statement in that the changes they are making over at openBSD might never end up merged back into openSSL proper. If they do merge the changes into openSSL proper, excellent. If they don't merge the changes from openBSD, then I don't really mind a fork in the name of security. If that were the case, hopefully other *nix OSs would switch.
Post Comment
Subject
Comment
Captcha
Which of ninety four, thirty six, 48, ninety four, 100 or 57 is the highest?