Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

But why patch it in debian, and not file an upstream bug?

It’s doubly important to upstream issues for security libraries: There are numerous examples of bad actors intentionally sabotaging crypto implementations. They always make it look like an honest mistake.

For all we know, prior or future debian maintainers of that package are working for some three letter agency. Such changes should be against debian policy.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: