Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!newsfeeds.sol.net!uwm.edu!news.he.net!nntp.iccom.com!news.rain.net!pacifier!downsj From: downsj@threadway.teeny.org (Jason Downs) Newsgroups: comp.unix.bsd.netbsd.misc,comp.security.unix Subject: Re: OpenBSD hides security fixes (and blindly integrates code) Date: 17 Feb 1997 03:54:08 GMT Organization: OpenBSD Lines: 38 Message-ID: <5e8kp0$lgo@news.pacifier.com> References: <none-ya023480001912962244220001@news.infi.net> <5e6mjn$q3n@panix2.panix.com> <5e6o39$6am@news.pacifier.com> <5e8cf4$83s@panix2.panix.com> NNTP-Posting-Host: teenyrtr.pacifier.com Cc: Xref: euryale.cc.adfa.oz.au comp.unix.bsd.netbsd.misc:5436 comp.security.unix:31856 In article <5e8cf4$83s@panix2.panix.com>, Thor Lancelot Simon <tls@rek.tjls.com> wrote: ]In article <5e6o39$6am@news.pacifier.com>, ]Jason Downs <downsj@threadway.teeny.org> wrote: ]>In article <5e6mjn$q3n@panix2.panix.com>, ]>Thor Lancelot Simon <tls@rek.tjls.com> wrote: ]]In article <DERAADT.97Feb16012623@zeus.pacifier.com>, ]>]Theo de Raadt <deraadt@theos.com> wrote: ]>]>I'll bet you don't. ]>] ]>]No, he doesn't. Neither do I. In fact, we beat this to death internally, and ]>]I don't really think anyone's glad that it happened. On the other hand, quite ]>]a few people expressed surprise that said #ifndef made it into OpenBSD, since ]>]that pretty clearly indicates that said code was integrated _without anyone ]>]ever even reading it_ -- rather a stunner, for an operating system which ]>]claims to have security as one of its primary goals. ]> ]>So you're saying that in the future NetBSD plans to commit outright security ]>holes to the arch-dependant portions of their tree? ] ]Did I say that? No, I didn't say that. I suggest you stop making things like ]that up, lest you discredit yourself further. Hey, I have an idea. Why don't you and the rest of the NetBSD cabal (to use peter's term) start actually even attempting to respond with some well thought out argumentation? I think I've lost count of the number of times NetBSD people have used the term "discredit" and failed to actually respond to a point. Perhaps they realize that's what they're doing to their own position... I sense a trend here. NetBSD can't fix security holes unless OpenBSD shows them how, maybe they'd be able to debate properly if we told them what to say? -- Jason Downs downsj@teeny.org --> teeny.org: Free Software for a Free Internet <-- http://www.teeny.org/ Little. Yellow. Secure. http://www.openbsd.org/