From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 08:46:51 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C2B3C16A4F8 for ; Fri, 11 Aug 2006 08:46:51 +0000 (UTC) (envelope-from jm.fandino@fadesa.es) Received: from fuego.fadesa.es (fuego.fadesa.es [195.55.55.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id D704243D49 for ; Fri, 11 Aug 2006 08:46:50 +0000 (GMT) (envelope-from jm.fandino@fadesa.es) Received: (from root@localhost) by fuego.fadesa.es (8.9.3p2/8.8.8) id KAA18218 for ; Fri, 11 Aug 2006 10:40:19 +0200 Received: from tierra.fadesa.es(195.55.55.7) by fuego.fadesa.es Fri, 11 Aug 06 10:40:02 +0200 Received: from [195.55.55.6] (filemon.fadesa.es [195.55.55.6] (may be forged)) by tierra.fadesa.es (8.9.3p2/8.8.8) with ESMTP id KAA04412 for ; Fri, 11 Aug 2006 10:46:19 +0200 Message-ID: <44DC43DB.5060904@fadesa.es> Date: Fri, 11 Aug 2006 10:46:19 +0200 From: =?ISO-8859-1?Q?=22Jos=E9_M=2E_Fandi=F1o=22?= User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060417 X-Accept-Language: gl, es, en MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <19518.1155238010@critter.freebsd.dk> In-Reply-To: <19518.1155238010@critter.freebsd.dk> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Logged: Logged by tierra.fadesa.es as KAA04412 at Fri Aug 11 10:46:19 2006 X-Mailman-Approved-At: Fri, 11 Aug 2006 11:32:35 +0000 Subject: Re: atheros chips dangerous? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2006 08:46:51 -0000 Poul-Henning Kamp wrote: > In message <20060810130331.X94142@3jane.math.ualberta.ca>, Barkley Vowk writes: > >>On Thu, 10 Aug 2006, Poul-Henning Kamp wrote: >> >>>The Atheros driver in FreeBSD is maintained and compiled by Sam Leffler, >>>who has been around since BSD 4.2 in the early eighties sometimes. >>> >>>I trust Sam. >> >>I don't think that quite answers his question however. Its not so much a >>matter of trusting Sam, but a matter of trusting that Sam had enough >>access to the binary objects in question to have eliminated the errors in >>them. > > Sam compiled those binaries, he has the source code. > > And it is a matter of trust. from the phk's comments I deduce that it was a NDA between Atheros and FreeBSD. In my opinion the difference is that with NDA you place trust in a few persons (the ones with the code), whilst with open source drivers the code can be reviewed by all people with enough knowledge about the subject and since peer review is an important concept in FOSS quality (and security) it would be desirable to have free code. this answers to my question, thanks you.