freebsd vs. netbsd
Valeri Galtsev
galtsev at kicp.uchicago.edu
Tue Jun 9 03:14:27 UTC 2020
> On Jun 8, 2020, at 9:45 PM, Kevin P. Neal <kpn at neutralgood.org> wrote:
>
> On Mon, Jun 08, 2020 at 09:29:56AM -0700, Donald Wilde wrote:
>> On 6/8/20, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>>> Still with utmost respect to OpenBSD for openSSH and general ultimate
>>> security focused approach,
>>>
>>
>> I think the fact that the other two root projects (NetBSD and FreeBSD)
>> have included that code says it has all been audited at the highest
>> level by people of equal capability.
>
> No, auditing isn't required for importing.
>
> Back around 1994 when OpenBSD started they started talking about how secure
> they were. And then the port for the DEC Alpha stopped booting. When they
> tracked down the bug they found that the OpenBSD guys had been importing
> NetBSD code without looking at it.
>
> It was something along the lines of (in locore.s):
> #ifdef OPENBSD
> jmp 0
> #endif
>
> That's one example, and it's true it was in the mid-90's. It's just an
> example to show my point.
>
> Importing the openssh code from OpenBSD just means it gets the job done
> and is good enough. I doubt any FreeBSD developer has audited the OpenSSH
> code, the OpenSSL code, the SQLite code, or any of the other medium-sized
> projects that are in the FreeBSD tree now. The exceptions are probably
> projects that were imported once and then developed in-tree afterwards,
> like the IPv6 stack.
>
Thanks, Kevin. This was really instructive!
Valeri
> --
> Kevin P. Neal http://www.pobox.com/~kpn/
>
> "What is mathematics? The age-old answer is, of course, that mathematics
> is what mathematicians do." - Donald Knuth
More information about the freebsd-questions
mailing list