Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No disrespect meant, but from a security perspective the idea of patching security-critical software with a patch from a stranger on the Internet is kind of crazy, isn't it?


All open source software is made up of patches from strangers on the internet.


Not really. Gatekeepers of important open-source software are usually people who are known in the community and often employed by companies who work in the area.


Indeed :) On a serious note, I'm waiting for a reviewal from OpenSSL team.


I think I heard that quote on XKCD once.


indutny is no stranger. Highly respected coder.


Though Fedor isn't just some complete stranger online.


Maybe that's the part I was missing. There was no link to more information in his (her?) HN profile.


> There was no link to more information in his (her?) HN profile.

'His' apparently. I didn't know either, but apparently he was the first to crack Cloudfare's Heartbleed challenge:

http://blog.cloudflare.com/the-results-of-the-cloudflare-cha...

His LinkedIn / twitter for reference:

https://www.linkedin.com/in/indutny

https://twitter.com/indutny


Let's be honest about it, this patch hasn't got any attention from OpenSSL team yet, but I heard that some people from the team are interested in it. Never got a response, but it looks correct to me.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: