Date: Sat, 19 Apr 2014 02:11:02 -0500 From: Bryan Drewery <bdrewery@FreeBSD.org> To: Jamie Landeg-Jones <jamie@dyslexicfish.net>, matt@chronos.org.uk, freebsd-security@freebsd.org Subject: Re: De Raadt + FBSD + OpenSSH + hole? Message-ID: <53522186.9030207@FreeBSD.org> In-Reply-To: <201404141232.s3ECWFQ1081178@catnip.dyslexicfish.net> References: <534B11F0.9040400@paladin.bulgarpress.com> <201404141207.s3EC7IvT085450@chronos.org.uk> <201404141232.s3ECWFQ1081178@catnip.dyslexicfish.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Brm0le8XSWtQUgIkcvVj5GvFmEXSX9kNh Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 4/14/2014 7:32 AM, Jamie Landeg-Jones wrote: > Matt Dawson <matt@chronos.org.uk> wrote: >=20 >> My first thought when I saw this was "ego over ethics," which says mor= e >> about Theo than FreeBSD. >=20 > Totally. >=20 > I know Theo has a reputation for being 'difficult', but in my opinion, > this outburst really calls into question his perceived motivations > regarding secure software. >=20 > As to the specific question, I don't think his ego would allow a bug > in openssh to persist, so even if it does, I'd suspect it's not too > serious (or it's non-trivial to exploit), and it's related to FreeBSD > produced 'glue'. >=20 > This is total guesswork on my part, but I'd therefore assume he was > talkining about openssh in base, rarther than openssh-portable in > ports. >=20 As the maintainer of the port I will say that your security decreases with each OPTION/patch you apply. I really would not be surprised if one of the optional patches available in the port had issues. --=20 Regards, Bryan Drewery --Brm0le8XSWtQUgIkcvVj5GvFmEXSX9kNh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTUiGGAAoJEDXXcbtuRpfPTNoIANblIe8v5jAl4QNT8FapyKtw 0SN5a0qHyLKPGhE1gTBsiZabM/B3hR1d62ph0U4L+fGv/+pBlaO1KmGBg5Oekjf8 MzTEJPC7veQeEFCZDgu0hVTiPYLAA0MtwmSkxgVu8Dppm3pDE/07mj/sZvW+kMSA vxWLg+xmJq4SjbW3srA0kHHOw9a22wIIQMiGXmNAruLlXa49eWzDRUXfpkX/3S0D 0/ks4AgQ2FC+62MY/FG4waOjVWtX7zamPDSk+JmgRVFPlaDdRirTpmqIR91aFeud 1mlpV4VUAvDxeSTjk5bKV4kD+nCg2IpXaTo14fXDFk7B1fnihOPPZul483LcuJk= =5Okr -----END PGP SIGNATURE----- --Brm0le8XSWtQUgIkcvVj5GvFmEXSX9kNh--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53522186.9030207>