On Mon, May 19, 2008 at 3:53 PM, Johnny Hughes <johnny at centos.org> wrote:
> Les Mikesell wrote:
>> Does anyone know the point of the patch in the first place? That is, why
>> would a distro-specific modification have been needed at all? I don't
>> suspect an intentional compromise here but I'm curious about why anyone
>> would consider a non-standard change.
>>
>
> The change was added due to valgrind testing of openssh and warnings
> produced while compiling.
>
> The removal was discussed on the openssh-devel list.
>
> It was clearly an accident caused by trying to do the right thing.

And a miscommunication, it seems that the OpenSSL developers the patch was
just used for debugging purposes, while the Debian packages understood it as
a confirmation that the patch was ok.

Errors do happen, even to the brightest of all developers. Though, most bugs
do not have such far-reaching consequences.

The best thing is to learn from it, and to move on.

Take care,
Daniel