From owner-freebsd-security@FreeBSD.ORG Wed Dec 15 13:19:24 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BC704106564A for ; Wed, 15 Dec 2010 13:19:24 +0000 (UTC) (envelope-from erik@cederstrand.dk) Received: from csmtp1.one.com (csmtp1.one.com [195.47.247.21]) by mx1.freebsd.org (Postfix) with ESMTP id 524478FC15 for ; Wed, 15 Dec 2010 13:19:24 +0000 (UTC) Received: from [10.0.0.63] (2105ds5-by.0.fullrate.dk [95.166.24.212]) by csmtp1.one.com (Postfix) with ESMTP id 6FC2B1BC04F09; Wed, 15 Dec 2010 13:03:31 +0000 (UTC) Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: multipart/signed; boundary=Apple-Mail-474-578398603; protocol="application/pkcs7-signature"; micalg=sha1 From: Erik Cederstrand In-Reply-To: <4d08a854.w8rPywliRhHs/MXH%akosela@andykosela.com> Date: Wed, 15 Dec 2010 14:03:31 +0100 Message-Id: <919A1DAE-2FD1-42A1-9D11-D001A116299E@cederstrand.dk> References: <4d08a854.w8rPywliRhHs/MXH%akosela@andykosela.com> To: akosela@andykosela.com X-Mailer: Apple Mail (2.1082) X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security@freebsd.org Subject: Re: Allegations regarding OpenBSD IPSEC X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Dec 2010 13:19:24 -0000 --Apple-Mail-474-578398603 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Den 15/12/2010 kl. 12.36 skrev Andy Kosela: > Some of you probably already read this: >=20 > http://marc.info/?l=3Dopenbsd-tech&m=3D129236621626462&w=3D2 >=20 > Interesting...I wonder what is the impact of all this on FreeBSD code. > We may very well suppose that any government or corporation funded = code > can theoretically have some kind of backdoor inside. That wouldn't be restricted to funded code. If somebody really wanted to = place backdoors in FreeBSD, posing as NSA, FBI, KGB or whatever doesn't = seem like the best option. Position a guy as a src committer instead, = pretending to work alone. I'm not saying this to point fingers or spread FUD or anything like = that, just that people should be careful reading any commits to catch = backdoors, intentional or by mistake, regardless where they come from. = Which is one thing I admire about FreeBSD - commits are actually read = carefully, by many people, and frequently commented upon. Erik= --Apple-Mail-474-578398603--