*BSD News Article 89457


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!news.ececs.uc.edu!newsfeeds.sol.net!uwm.edu!news.he.net!nntp.iccom.com!news.rain.net!pacifier!downsj
From: downsj@threadway.teeny.org (Jason Downs)
Newsgroups: comp.unix.bsd.netbsd.misc,comp.security.unix
Subject: Re: OpenBSD hides security fixes (and blindly integrates code)
Date: 17 Feb 1997 03:54:08 GMT
Organization: OpenBSD
Lines: 38
Message-ID: <5e8kp0$lgo@news.pacifier.com>
References: <none-ya023480001912962244220001@news.infi.net> <5e6mjn$q3n@panix2.panix.com> <5e6o39$6am@news.pacifier.com> <5e8cf4$83s@panix2.panix.com>
NNTP-Posting-Host: teenyrtr.pacifier.com
Cc: 
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.netbsd.misc:5436 comp.security.unix:31856

In article <5e8cf4$83s@panix2.panix.com>,
Thor Lancelot Simon <tls@rek.tjls.com> wrote:
]In article <5e6o39$6am@news.pacifier.com>,
]Jason Downs <downsj@threadway.teeny.org> wrote:
]>In article <5e6mjn$q3n@panix2.panix.com>,
]>Thor Lancelot Simon <tls@rek.tjls.com> wrote:
]]In article <DERAADT.97Feb16012623@zeus.pacifier.com>,
]>]Theo de Raadt <deraadt@theos.com> wrote:
]>]>I'll bet you don't.
]>]
]>]No, he doesn't.  Neither do I.  In fact, we beat this to death internally, and
]>]I don't really think anyone's glad that it happened.  On the other hand, quite
]>]a few people expressed surprise that said #ifndef made it into OpenBSD, since
]>]that pretty clearly indicates that said code was integrated _without anyone
]>]ever even reading it_ -- rather a stunner, for an operating system which
]>]claims to have security as one of its primary goals.
]>
]>So you're saying that in the future NetBSD plans to commit outright security
]>holes to the arch-dependant portions of their tree?
]
]Did I say that?  No, I didn't say that.  I suggest you stop making things like
]that up, lest you discredit yourself further.

Hey, I have an idea.  Why don't you and the rest of the NetBSD cabal (to use
peter's term) start actually even attempting to respond with some well
thought out argumentation?  I think I've lost count of the number of times
NetBSD people have used the term "discredit" and failed to actually respond
to a point.  Perhaps they realize that's what they're doing to their own
position...

I sense a trend here.  NetBSD can't fix security holes unless OpenBSD shows
them how, maybe they'd be able to debate properly if we told them what to say?

-- 
Jason Downs
downsj@teeny.org  --> teeny.org: Free Software for a Free Internet <--
			     http://www.teeny.org/
	       Little.  Yellow.  Secure.  http://www.openbsd.org/