OpenBSD devs comments documenting progress with cleaning of OpenSSL codebase

19 points by zytek, about 11 years ago

3 comments

zytek, about 11 years ago
Some of it:

    todo: do not leave 15 year old todo lists in the tree.
    This code is the reason perl has a name as a write only language.
    Remove oh-so-important-from-a-security-pov OpenSSL_rtdsc() function.
    Do not feed RSA private key information to the random subsystem as entropy. It might be fed to a pluggable random subsystem.... What were they thinking?!
    <RANT> Whoever thought that RAND_screen(), feeding the PRNG with the contents of the local workstation's display, under Win32, was a smart idea, ought to be banned from security programming. </RANT>

Edit: just noticed, there's a BLOG with it.. http://opensslrampage.org/

LaSombra, about 11 years ago

    - Why do we hide from the OpenSSL police, dad?
    - Because they're not like us, son. They use macros to wrap stdio routines, for an undocumented (OPENSSL_USE_APPLINK) use case, which only serves to obfuscate the code.

Freaky, about 11 years ago
A more accurate link: http://freshbsd.org/search?project=openbsd&q=file.name%3Alibssl