Re: De Raadt + FBSD + OpenSSH + hole?

看板FB_security作者時間11年前 (2014/04/20 10:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串8/29 (看更多)
>On 4/14/2014 7:32 AM, Jamie Landeg-Jones wrote: >> Matt Dawson <matt@chronos.org.uk> wrote: >> >>> My first thought when I saw this was "ego over ethics," which says more >>> about Theo than FreeBSD. >> >> Totally. >> >> I know Theo has a reputation for being 'difficult', but in my opinion, >> this outburst really calls into question his perceived motivations >> regarding secure software. >> >> As to the specific question, I don't think his ego would allow a bug >> in openssh to persist, so even if it does, I'd suspect it's not too >> serious (or it's non-trivial to exploit), and it's related to FreeBSD >> produced 'glue'. >> >> This is total guesswork on my part, but I'd therefore assume he was >> talkining about openssh in base, rarther than openssh-portable in >> ports. >> > >As the maintainer of the port I will say that your security decreases >with each OPTION/patch you apply. I really would not be surprised if one >of the optional patches available in the port had issues. I believe that Theo just browbeat. Reasons? It was looooong ago, I think very few still remember, but Theo definitely does: http://lists.freebsd.org/pipermail/freebsd-security/2005-March/002719.html _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 mp39590. 的文章
文章代碼(AID): #1JKofV_H (FB_security)
討論串 (同標題文章)
完整討論串 (本文為第 8 之 29 篇):
排序: 最新先 | 最舊先 | 留言數
在新視窗開啟完整討論串 (共29篇)
更多 mp39590. 的文章
文章代碼(AID): #1JKofV_H (FB_security)