From owner-freebsd-security@FreeBSD.ORG Wed Aug 16 09:59:29 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E9D3D16A4DF for ; Wed, 16 Aug 2006 09:59:29 +0000 (UTC) (envelope-from freebsd4@fadesa.es) Received: from fuego.fadesa.es (fuego.fadesa.es [195.55.55.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id 19D3C43D49 for ; Wed, 16 Aug 2006 09:59:28 +0000 (GMT) (envelope-from freebsd4@fadesa.es) Received: (from root@localhost) by fuego.fadesa.es (8.9.3p2/8.8.8) id LAA20602 for ; Wed, 16 Aug 2006 11:52:00 +0200 Received: from tierra.fadesa.es(195.55.55.7) by fuego.fadesa.es Wed, 16 Aug 06 11:51:37 +0200 Received: from [195.55.55.6] (filemon.fadesa.es [195.55.55.6] (may be forged)) by tierra.fadesa.es (8.9.3p2/8.8.8) with ESMTP id LAA02579 for ; Wed, 16 Aug 2006 11:58:51 +0200 Message-ID: <44E2EC5B.3010007@fadesa.es> Date: Wed, 16 Aug 2006 11:58:51 +0200 From: =?ISO-8859-1?Q?=22Jos=E9_M=2E_Fandi=F1o=22?= User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060417 X-Accept-Language: gl, es, en MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <38802.1155288265@critter.freebsd.dk> <20060811123921.K43265@volatile.chemikals.org> In-Reply-To: <20060811123921.K43265@volatile.chemikals.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Logged: Logged by tierra.fadesa.es as LAA02579 at Wed Aug 16 11:58:51 2006 Subject: Re: atheros chips dangerous? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Aug 2006 09:59:30 -0000 Wesley Morgan wrote: >> Other vendors have been totally impossible to work with. > > > I agree, the Atheros driver is fantastic. The driver may be "binary" in > some ways, but I think we got the best of both worlds. The vendor is > providing every scrap of information necessary without having to give > away trade secrets, and FreeBSD got a driver authored by a developer who > is probably one of the most qualified people in the world to work on it. > I know I go out of my way to purchase and recommend Atheros-based > wireless devices because of this. because of this, I'm buying their hardware. > Anyone who simply makes the blanket assumption that because something is > "FOSS" that it gets more peer review need only to look at some of the > oldest open source projects around, such as sendmail or XFree/Xorg, to > realize that security problems can persist for years without being > discovered. I know that by the mere fact of making it free it isn't automatically more secure, it needs reviews from people interest in it. But by reducing the potential number of reviewers with some type of restrictive contract doesn't help either. Anyway, as it was commented in this case the solution was reasonable because the NDA in use is for the 802.11 PHY layer to comply with the regulatory laws, see: http://madwifi.org/wiki/HAL#WhyistheHALclosedsource