valgrind is a tool

Marc Lehmann schmorp at schmorp.de
Fri May 16 20:02:40 CEST 2008


Sorry, I couldn't resist, but since valgrind plays such an enourmous role
to many people (who don't even understand the valgrind output), let me just
take note that the horrendous security disaster

   http://www.debian.org/security/2008/dsa-1571

was created because the debian openssl maintainer tried to silence all
valgrind reports, which was successful, as he removed the code that
randomised the random keys generated by openssl, therefore compromising
all keys generated by openssl, openssh, openvpn, all certificates created
etc. in the last years.

so.... valgrind is a superb tool, but its just that. you still have to
understand each and every issue, and not every report is a bug, just like
not every report indicates a memory leak. one has to understand it to be
able to make good use of it.

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      pcg at goof.com
      -=====/_/_//_/\_,_/ /_/\_\



More information about the libev mailing list