De Raadt + FBSD + OpenSSH + hole?

[Brandon Vincent (Student)]

It seems like this attitude will provide fuel to the argument that open-source software is inherently less secure.

I'm surprised that SSH Communications Security hasn't used these posts yet as an argument to why their product is more secure.

Brandon Vincent
________________________________________
From: owner-freebsd-security at freebsd.org [owner-freebsd-security at freebsd.org] on behalf of Mikhail [mp39590 at gmail.com]
Sent: Saturday, April 19, 2014 6:46 PM
To: freebsd-security at freebsd.org
Subject: Re: De Raadt + FBSD + OpenSSH + hole?

>On 4/14/2014 7:32 AM, Jamie Landeg-Jones wrote:
>> Matt Dawson <matt at chronos.org.uk> wrote:
>>
>>> My first thought when I saw this was "ego over ethics," which says more
>>> about Theo than FreeBSD.
>>
>> Totally.
>>
>> I know Theo has a reputation for being 'difficult', but in my opinion,
>> this outburst really calls into question his perceived motivations
>> regarding secure software.
>>
>> As to the specific question, I don't think his ego would allow a bug
>> in openssh to persist, so even if it does, I'd suspect it's not too
>> serious (or it's non-trivial to exploit), and it's related to FreeBSD
>> produced 'glue'.
>>
>> This is total guesswork on my part, but I'd therefore assume he was
>> talkining about openssh in base, rarther than openssh-portable in
>> ports.
>>
>
>As the maintainer of the port I will say that your security decreases
>with each OPTION/patch you apply. I really would not be surprised if one
>of the optional patches available in the port had issues.

I believe that Theo just browbeat. Reasons? It was looooong ago, I think
very few still remember, but Theo definitely does:

http://lists.freebsd.org/pipermail/freebsd-security/2005-March/002719.html
_______________________________________________
freebsd-security at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"