Date:      Sun, 20 Apr 2014 04:34:54 +0000
From:      "Brandon Vincent (Student)" <Brandon.Vincent@asu.edu>
To:        Mikhail <mp39590@gmail.com>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   RE: De Raadt + FBSD + OpenSSH + hole?
Message-ID:  <586745645D88D740AF5C0346EF5AB800169AE8D4@exmbw03.asurite.ad.asu.edu>
In-Reply-To: <535326fa.ab7281.696ea278@edge>
References:  <534B11F0.9040400@paladin.bulgarpress.com> <201404141207.s3EC7IvT085450@chronos.org.uk> <201404141232.s3ECWFQ1081178@catnip.dyslexicfish.net> <53522186.9030207@FreeBSD.org>,<535326fa.ab7281.696ea278@edge>

It seems like this attitude will provide fuel to the argument that open-source software is inherently less secure.

I'm surprised that SSH Communications Security hasn't used these posts yet as an argument to why their product is more secure.

Brandon Vincent
________________________________________
From: owner-freebsd-security@freebsd.org [owner-freebsd-security@freebsd.org] on behalf of Mikhail [mp39590@gmail.com]
Sent: Saturday, April 19, 2014 6:46 PM
To: freebsd-security@freebsd.org
Subject: Re: De Raadt + FBSD + OpenSSH + hole?

>On 4/14/2014 7:32 AM, Jamie Landeg-Jones wrote:
>> Matt Dawson <matt@chronos.org.uk> wrote:
>>
>>> My first thought when I saw this was "ego over ethics," which says more
>>> about Theo than FreeBSD.
>>
>> Totally.
>>
>> I know Theo has a reputation for being 'difficult', but in my opinion,
>> this outburst really calls into question his perceived motivations
>> regarding secure software.
>>
>> As to the specific question, I don't think his ego would allow a bug
>> in openssh to persist, so even if it does, I'd suspect it's not too
>> serious (or it's non-trivial to exploit), and it's related to FreeBSD
>> produced 'glue'.
>>
>> This is total guesswork on my part, but I'd therefore assume he was
>> talking about openssh in base, rather than openssh-portable in
>> ports.
>>
>
>As the maintainer of the port I will say that your security decreases
>with each OPTION/patch you apply. I really would not be surprised if one
>of the optional patches available in the port had issues.

I believe that Theo just browbeat. Reasons? It was looooong ago, I think
very few still remember, but Theo definitely does:

http://lists.freebsd.org/pipermail/freebsd-security/2005-March/002719.html

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?586745645D88D740AF5C0346EF5AB800169AE8D4>