SoylentNews is people
SoylentNews
OpenSSL has made some policy changes regarding use of e-mail lists, cryptographic policies, patch releases, and github use.
The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog posts talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended.
One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.
Source: https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
(Score: 2) by coolgopher on Sunday January 21 2018, @12:48PM (3 children)
This article looks so lonely with its count of zero comments.
The article was rather lightweight too though, so not much to drive the discussion. Fixing technical debt is certainly a good thing, but it does carry the risk of introducing bugs, especially if part of the tech debt is lack of regression tests. [Disclaimer: I haven't worked with the OpenSSL code base directly so I have no idea whether that's the case. API & doc wise it's been pretty miserable in the past though.]
(Score: 2) by canopic jug on Sunday January 21 2018, @03:45PM
The article was rather lightweight too though, so not much to drive the discussion.
I figured something was better than nothing in this case, OpenSSL being so important due to its wide deployment. But an increasing portion of articles are like that nowadays. I blame Twitter and sometimes get the feeling that the authors are either burdened by pushing past the character limint or only begrudgingly write an article because it won't flow in a series of Tweets. Elsewhere there are already too many pages being passed off as articles that are nothing but a collection of copy-and-paste Tweets glued together with the bare minimum of prose. That's not journalism. It's just lame. And with the amount of censorship that Twitter engages in it is a seriously dangerous trend.
Money is not free speech. Elections should not be auctions.
(Score: 2) by tibman on Sunday January 21 2018, @03:57PM (1 child)
They do have a bunch of tests but i have no idea how much code coverage they account for. https://github.com/openssl/openssl/tree/master/test [github.com]
They can at least ensure that major functionality isn't broken.
SN won't survive on lurkers alone. Write comments.
(Score: 2) by coolgopher on Sunday January 21 2018, @09:10PM
Well, isn't *obviously* broken. Testing against timing attacks is hard, and that's exactly the type of vulnerability I'd consider likely to creep in during a refactoring cleanup pass.