De Raadt + FBSD + OpenSSH + hole?

Bryan Drewery bdrewery at FreeBSD.org
Sat Apr 19 07:11:10 UTC 2014


On 4/14/2014 7:32 AM, Jamie Landeg-Jones wrote:
> Matt Dawson <matt at chronos.org.uk> wrote:
> 
>> My first thought when I saw this was "ego over ethics," which says more
>> about Theo than FreeBSD.
> 
> Totally.
> 
> I know Theo has a reputation for being 'difficult', but in my opinion,
> this outburst really calls into question his perceived motivations
> regarding secure software.
> 
> As to the specific question, I don't think his ego would allow a bug
> in openssh to persist, so even if it does, I'd suspect it's not too
> serious (or it's non-trivial to exploit), and it's related to FreeBSD
> produced 'glue'.
> 
> This is total guesswork on my part, but I'd therefore assume he was
> talking about openssh in base, rather than openssh-portable in
> ports.
> 

As the maintainer of the port I will say that your security decreases
with each OPTION/patch you apply. I really would not be surprised if one
of the optional patches available in the port had issues.

-- 
Regards,
Bryan Drewery
