From owner-freebsd-hackers  Mon May 24  0:54:48 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228])
	by hub.freebsd.org (Postfix) with ESMTP id B805B14DA3
	for <hackers@FreeBSD.ORG>; Mon, 24 May 1999 00:54:46 -0700 (PDT)
	(envelope-from jkh@zippy.cdrom.com)
Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1])
	by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id AAA29383;
	Mon, 24 May 1999 00:55:19 -0700 (PDT)
	(envelope-from jkh@zippy.cdrom.com)
To: Kris Kennaway <kkennawa@physics.adelaide.edu.au>
Cc: Warner Losh <imp@harmony.village.org>, hackers@FreeBSD.ORG
Subject: Re: security: what does OpenBSD have, that FreeBSD doesn't have. 
In-reply-to: Your message of "Mon, 24 May 1999 09:15:25 +0930."
             <Pine.OSF.4.10.9905240912590.1358-100000@bragg> 
Date: Mon, 24 May 1999 00:55:19 -0700
Message-ID: <29379.927532519@zippy.cdrom.com>
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I'm not sure..I've been wandering through the openbsd source tree and merging
> useful diffs from binaries, but I haven't been too organised about it so far,
> and haven't encountered much in the way of "important" fixes. I'm sure there
> are some, though.

While it can rightfully be said that OpenBSD has done extensive auditing,
I think all that's required of us is some auditing of the auditing. :)

If you don't take the changes wholesale but merely use them as "very
good hints" in doing your own security auditing, I think you'll be off
to an excellent start in exactly the right direction.  Don't stop
there though - there's every possibility that other eyes might catch
something *they* missed, and that's something which can only benefit
both groups. :)

- Jordan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message