Date: Sat, 20 Nov 2010 13:28:45 +0000 From: RW <rwmaillists@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: openssl version - how to verify Message-ID: <20101120132845.51253983@gumby.homeunix.com> In-Reply-To: <AANLkTimtQnc4fWYV7%2BPWMuKZbji835-Yp0v48bSCkD2Q@mail.gmail.com> References: <201011192054.oAJKsOPk011590@mail.r-bonomi.com> <AANLkTi=qL4Tp_6%2BObNvCR3V%2BTNjZd-dO%2Bv%2B0740VQLxJ@mail.gmail.com> <20101119163648.19c9e66a@scorpio> <AANLkTimtQnc4fWYV7%2BPWMuKZbji835-Yp0v48bSCkD2Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 20 Nov 2010 00:08:35 -0500 Eitan Adler <lists@eitanadler.com> wrote: > On Fri, Nov 19, 2010 at 4:36 PM, Jerry <freebsd.user@seibercom.net> > wrote: > > On Fri, 19 Nov 2010 15:08:26 -0600 > > Adam Vande More <amvandemore@gmail.com> articulated: > > > >> While I agree with your point in this context, the statement "The > >> number of _UNDISCOVERED_ bugs, on the other hand, is an infinite > >> one." is false. > >> > >> http://www.unsw.edu.au/news/pad/articles/2009/sep/microkernel_breakthrough.html > > > > It was later discovered that the software used to certify the kernel > > 100% bug-free was not itself bug-free thereby nullifying results. > > The paper "Diverse Double-Compiling" by David A Wheeler is relevant > although not strictly the same topic. It could be used to avoid this > type of issue. Even if it works it's only proving that at some level of abstraction the implementation matches a formal specification, there's still scope for higher and lower level bugs. But just because something is unknown doesn't mean it's infinite.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101120132845.51253983>