Date: Wed, 4 Sep 1996 11:35:36 -0600 (MDT) From: Nate Williams <nate@mt.sri.com> To: Terry Lambert <terry@lambert.org> Cc: dg@root.com, nate@mt.sri.com, darrend@novell.com, chat@freebsd.org Subject: Re: FreeBSD vs. Linux 96 (my impressions) - Reply Message-ID: <199609041735.LAA00851@rocky.mt.sri.com> In-Reply-To: <199609041726.KAA06713@phaeton.artisoft.com> References: <199609040200.TAA03938@root.com> <199609041726.KAA06713@phaeton.artisoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> As to elitism in OpenBSD inre: the security fixes, I really think that > depends on how you ask, doesn't it? One method is to confront the > people involved (who happen to be involved there instead FreeBSD or > NetBSD because they believe they are granted a "moral high ground" > by their involvement with OpenBSD). Because of the way humans work, > this is unlikely to be a successful strategy; this should be obvious > to even the most casual observer of human nature, and shouldn't take > an observation from someone who mathematically models group dynamics > to become readily apparent. > > > An alternate approach to the problem of finding out what the security > fixes are would be to ask their CVS log. This is permitted, encouraged, > and has the side effect of removing the moral coloring from the answer > you receive. And also it a lot more (completely un-necessary) work. Theo: I fixed a security bug in OpenBSD that exists in every other OS known to man, but I'm not telling you where in the system it is. But, it's a baaaad bug, and you should be very scared of it. Response: # cvs co src # find . -type f -print | xargs cvs log Look through *every* single file in the system looking for 'security' fix, which may/may not be logged as such to deter any casual observer from seeing the bug, thus 'disclosing' the bug and making other systems vulnerable because of OpenBSD's 'partial disclosure' policy. Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609041735.LAA00851>