Comment by timschmidt

13 days ago

I am not surprised at all, because instead of throwing their support behind the LibreSSL folks who audited the OpenSSL codebase after Heartbleed and found deep design and implementation issues, Linux Foundation and member orgs including most of Silicon Valley decided that OpenSSL just needed more funding.

Felt like good money after bad on day 1.

And once you realize that Management + Finance + Marketing outnumber engineering at OpenSSL [1], you know the money is put to good use, too.

[1]: https://openssl-corporation.org/about/leadership/

  • If I were cynical, I'd think that the inscrutable code and resultant security issues were a feature desired by those management and finance types, not a bug. The purpose of a system being what it does, and all.

  • Seems plenty of the people occur multiple times, so there's more engineers... if only barely :|

    • If you value somebody so much you show them multiple times, I'm going to assume they're outsized weight in terms of influence and cost, too.