De Raadt + FBSD + OpenSSH + hole?

Matt Dawson matt at chronos.org.uk
Sat Apr 19 10:02:32 UTC 2014



On Sat, 19 Apr 2014 02:11:02 -0500
Bryan Drewery <bdrewery at FreeBSD.org> wrote:

> As the maintainer of the port I will say that your security decreases
> with each OPTION/patch you apply. I really would not be surprised if
> one of the optional patches available in the port had issues.

In all honesty, code is now so complex that there are always going to
be issues that won't become apparent until an exploit is found. These
are the risks we take when allowing systems to communicate. The people
fomenting discord are simply taking advantage of the situation to
inflate their egos and follow other agendas, whether that be attacking
open source, attacking FreeBSD, justifying their own existence or
simply deviltry. Oh, and it makes for good copy, of course. Wouldn't
want people to forget you're there, eh?

All we as users can do is apply common sense when deploying critical
services such as these and reduce the attack vector surface area (re
Bryan's note on the port options) as much as possible. Assume it has
holes, deploy on that basis, install digital rottweiler (who may also
have holes but, please $DEITY, not the same ones) to mitigate.

Pragmatism should be a required discipline.
