by DebianUser 4661 days ago
The only thing that it means is that the security team does not fully understand the code it maintains, and apparently the same can be said about the OpenSSL team. As a user myself, I don't understand that code, but I rely on people who should. Perhaps it means that the Debian security team should get more knowledgeable people onboard, but knowledge is also made of experience, and requires time to build up. Hopefully this will become a valuable experience for everyone; I know it has for me.

By the way, does anyone know of a certified SSL stack (à la CompCert)?