Tuesday, 27 May 2008

Get new keys, Politics of Security and lack of intention

Can you trust your keys? In case you missed the whole OpenSSL shabackle with Debian, have a read of this and/or this. It describes how some developers made a change to the OpenSSL package in Debian. This change reduced the randomness of generated keys, which wouldn't be a good thing. Here are some links where an OpenSSL developer initates the blame game.

Something that I pops into my mind a lot but I don't allow the thoughts to progress, is the nature of the intention of source code. Something that I see, often, is source code that does not specify its intention, either directly or indirectly. This makes it more difficult for people to make changes to the software later on, as they have to investigate what the software was supposed to do, as opposed to what it does, which takes a lot of time. So please be explicit and communicate your intention.

No comments: