

A reminder to be cautious merging pull requests on NYE - everettForth
https://github.com/openssl/openssl/commit/4817504d069b4c5082161b02a22116ad75f822b1

======
mc_hammer
I'm not saying it's even 50% true but the original committer's recent commits look
almost-suspect too.

a few things that look guilty even though they might not be:

(just looking at 5 of his last 1 mo of commits)

1) he's touching a lot of crypto
2) he's removing crypto
3) he's adding ifdefs disabling services (ie #ifdef windowsstuffflag skip_eliptic_curve_encryption) - real example. wtf.
4) I'm not seeing a lot of feature additions
5) oh openssl 1.0 came out I better make 1.01 2 days later with like 2 features, my tls heartbeat code and some lame other feature
6) his heartbleed commit uses the var "payload" instead of "data" or "msg" - wtf.

7) he's reversing flags in code

    if ("OK" == vt_asdf_ok){
        if (checkflags) {
           dostuff()

becomes

    if ("ok" != vt_Asdf_ok) {
    }
    if (!checkflags) {
       //dostuff

idk I only looked at 5 commits

