Date: Sat, 19 Apr 2014 11:02:03 +0100
From: Matt Dawson <matt@chronos.org.uk>
To: Bryan Drewery <bdrewery@FreeBSD.org>, Jamie Landeg-Jones <jamie@dyslexicfish.net>, <freebsd-security@freebsd.org>
Subject: Re: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <201404191002.s3JA2KhF047708@chronos.org.uk>
In-Reply-To: <53522186.9030207@FreeBSD.org>
References: <534B11F0.9040400@paladin.bulgarpress.com> <201404141207.s3EC7IvT085450@chronos.org.uk> <201404141232.s3ECWFQ1081178@catnip.dyslexicfish.net> <53522186.9030207@FreeBSD.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 19 Apr 2014 02:11:02 -0500
Bryan Drewery <bdrewery@FreeBSD.org> wrote:

> As the maintainer of the port I will say that your security decreases
> with each OPTION/patch you apply. I really would not be surprised if
> one of the optional patches available in the port had issues.

In all honesty, code is now so complex that there are always going to be issues that won't become apparent until an exploit is found. These are the risks we take when allowing systems to communicate.

The people fomenting discord are simply taking advantage of the situation to inflate their egos and follow other agendas, whether that be attacking open source, attacking FreeBSD, justifying their own existence or simply deviltry. Oh, and it makes for good copy, of course. Wouldn't want people to forget you're there, eh?

All we as users can do is apply common sense when deploying critical services such as these and reduce the attack vector surface area (re Bryan's note on the port options) as much as possible. Assume it has holes, deploy on that basis, install digital rottweiler (who may also have holes but, please $DEITY, not the same ones) to mitigate. Pragmatism should be a required discipline.

- -- 
Safer alternative to smoking under threat from over-regulation due to pseudo-science and puritanism. Please help keep personal vapourisers available for ex and potential ex-smokers at http://www.efvi.eu/ by showing your support for this citizens' initiative.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iEYEARECAAYFAlNSSaIACgkQAmT9uY8euiJy6wCgi83LBYd5rYTWOkXdTU+Jd8RW
S44AoKTfDnb5XKspL3P9YnVcuV8P+IqO
=ezEc
-----END PGP SIGNATURE-----
