Date:      Fri, 17 Dec 2010 17:31:49 +0100
From:      Giorgos Keramidas <keramida@freebsd.org>
To:        jackoroses@gmail.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: FreeBSD IPSec stack contains backdoors?
Message-ID:  <xeiazks42wei.fsf@kobe.laptop>
In-Reply-To: <AANLkTi=aGJR7x=eCE8vmk9T4ZwJ1i0UOdcj1o53e5jBF@mail.gmail.com> (Mike L.'s message of "Fri, 17 Dec 2010 10:36:39 -0500")
References:  <AANLkTimQAZ5J5CB4ub7RAQZw93cKD6UxBaYa%2BU6M597Q@mail.gmail.com> <AANLkTikP-sF8RftgWE0JVbd2%2Bw3QH2yiHZ1gQvgfCDBH@mail.gmail.com> <xeiaei9gsq35.fsf@kobe.laptop> <AANLkTi=aGJR7x=eCE8vmk9T4ZwJ1i0UOdcj1o53e5jBF@mail.gmail.com>

On Fri, 17 Dec 2010 10:36:39 -0500, Mike L <jackoroses@gmail.com> wrote:
> On Fri, Dec 17, 2010 at 4:31 AM, Giorgos Keramidas <keramida@freebsd.org> wrote:
>> The FreeBSD security officer team has already written an official
>> response about this.  Please have a look at:
>>
>> http://lists.freebsd.org/pipermail/freebsd-security/2010-December/005746.html
>
> Reads like an unacceptable response to an issue that seems quite critical.

On Fri, 17 Dec 2010 11:11:17 -0500, Mike Tancsa <mike@sentex.net> wrote:
> Strange, reads like a totally reasoned response to me to an issue that
> is somewhere between a practical joke and something critical. I will
> go with the SECTeam's assessment. They have a proven track record for
> assessing and dealing with security issues.

Mike L, unacceptable or not, this is the response of people who have been
involved with FreeBSD security for a long time.  I think their response
is reasonable, given the out-of-scale proportions that the entire issue
seems to have been blown into when magazine-style web sites picked it up
and started 'decorating' the original email of Theo with their own view
of what the message between the lines MIGHT have been.

The role of the security officer team is not to take an issue that has
been blown entirely out of proportion and add to the FUD.  It's their
responsibility to handle security incidents on a fact-based basis, and
there are very few "real facts" out there about this particular
theory right now.

I don't know why you consider the security officer reply `unacceptable',
but I'm relatively sure you will agree that they are quite sensible when
they say:

    As always, anyone who believes that they have found a vulnerability
    affecting FreeBSD is requested to contact secteam at freebsd.org.

I think that's a quite reasonable, sensible and down to earth thing to
say.  The rest of what the interwebs seems to be writing about these
particular allegations is, to the best of my current knowledge, just
a conspiracy theory trying to become as public as possible.

I too will agree with Mike Tancsa.  I'll go 100% with the SECTeam’s
assessment.  They have a proven track record for assessing and dealing
with security issues.

------------------------------------------------------------------------
Note: Let's keep the email traffic of security-officer down a bit.  They
don't really have to get Cc: copies of *all* the email messages of all
the people subscribed to freebsd-questions.  It's probably annoying and
it may even turn out to be a waste of their time, or even obstruct them
from seeing other, really *important* stuff about security issues.
------------------------------------------------------------------------

