De Raadt + FBSD + OpenSSH + hole?
Mikhail
mp39590 at gmail.com
Sun Apr 20 01:46:40 UTC 2014
>On 4/14/2014 7:32 AM, Jamie Landeg-Jones wrote:
>> Matt Dawson <matt at chronos.org.uk> wrote:
>>
>>> My first thought when I saw this was "ego over ethics," which says more
>>> about Theo than FreeBSD.
>>
>> Totally.
>>
>> I know Theo has a reputation for being 'difficult', but in my opinion,
>> this outburst really calls into question his perceived motivations
>> regarding secure software.
>>
>> As to the specific question, I don't think his ego would allow a bug
>> in openssh to persist, so even if it does, I'd suspect it's not too
>> serious (or it's non-trivial to exploit), and it's related to FreeBSD
>> produced 'glue'.
>>
>> This is total guesswork on my part, but I'd therefore assume he was
>> talkining about openssh in base, rarther than openssh-portable in
>> ports.
>>
>
>As the maintainer of the port I will say that your security decreases
>with each OPTION/patch you apply. I really would not be surprised if one
>of the optional patches available in the port had issues.
I believe that Theo just browbeat. Reasons? It was looooong ago, I think
very few still remember, but Theo definitely does:
http://lists.freebsd.org/pipermail/freebsd-security/2005-March/002719.html
More information about the freebsd-security
mailing list