This submission prior to tptacek's (rather good) analysis was of little value. The original submitter gave absolutely no context to the diff.
I don't think we can depend on tptacek always being on hand.
This bug itself is not novel and something any programmer (if they are being honest) will admit to doing themselves.
The really interesting part of this story is not technical at all (and not evident from the posted patch) - why did the openbsd team not feel it necessary to release a security advisory for this bug. That decision may tarnish their reputation more than any wild conspiracy claims.
I don't think we can depend on tptacek always being on hand.
This bug itself is not novel and something any programmer (if they are being honest) will admit to doing themselves.
The really interesting part of this story is not technical at all (and not evident from the posted patch) - why did the openbsd team not feel it necessary to release a security advisory for this bug. That decision may tarnish their reputation more than any wild conspiracy claims.