
> After Heartbleed everybody blamed OpenSSL's bloated code base <

And this is exactly what they are fixing.

OpenSSL's response was to fix Heartbleed and move on, not fixing the broader problem of too much code cruft that led to the bug. IMHO they are right to fork it; OpenSSL's lack of reaction to this is a cause for concern. I am sure Theo (de Raadt) and his team can tackle this, making the code base much, much leaner, reducing the risks of bugs similar to Heartbleed. And there is really no excuse for OpenSSL to deny that.

Also, I think OpenSSL has too much technical debt to be efficient in tackling a cleanup like this.


