On Feb 3, 2025, at 4:08 PM, Chuck Guzis via cctalk <cctalk(a)classiccmp.org> wrote:
> On 2/3/25 12:51, Wayne S via cctalk wrote:
>> If safety is of paramount importance, a supplied object or executable
>> should never be used. That’s just common sense.
> Seems to be a cognitive disconnect, here.

There is something there, though. If you use a binary supplied by a packager you have to
worry not just about the bugs in the original open source project, but also about bugs
added by patches created by the packager. There is a notorious example of one of the
Linux distributions (Debian?) inserting a fatal security bug into OpenSSL. The original
was right, but someone made a patch that clearly demonstrated an utter lack of clue.
paul