From owner-freebsd-hackers  Fri Oct 18 23:50:25 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id XAA23117
          for hackers-outgoing; Fri, 18 Oct 1996 23:50:25 -0700 (PDT)
Received: from dyson.iquest.net ([198.70.144.127])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA23106;
          Fri, 18 Oct 1996 23:50:21 -0700 (PDT)
Received: (from root@localhost) by dyson.iquest.net (8.7.5/8.6.9) id BAA02780; Sat, 19 Oct 1996 01:50:02 -0500 (EST)
From: "John S. Dyson" <toor@dyson.iquest.net>
Message-Id: <199610190650.BAA02780@dyson.iquest.net>
Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
To: deraadt@theos.com (Theo de Raadt)
Date: Sat, 19 Oct 1996 01:50:02 -0500 (EST)
Cc: dyson@freebsd.org, downsj@teeny.org, ache@nagual.ru, dg@root.com,
        gritton@byu.edu, freebsd-hackers@freebsd.org,
        tech-userlevel@netbsd.org, misc@openbsd.org
In-Reply-To: <199610190634.AAA29148@zeus.theos.com> from "Theo de Raadt" at Oct 19, 96 00:34:14 am
Reply-To: dyson@freebsd.org
X-Mailer: ELM [version 2.4 PL24 ME8]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> 
> > > Ah, yes.  I've been watching this thread with some amount of amusement, as
> > > have other OpenBSD developers.
> > > 
> > > Yes, please back it out.  I would rather have OpenBSD remain the most secure
> > > version of UNIX that money can't buy.
> > > 
> > 
> > The THING about OpenBSD security is pretty much unsubstantiated.  I think
> > that it is kind of funny (odd)...  Very few outside of OpenBSD have been
> > provided with any kind of digest as to the security fixes...  Sounds like
> > marketing claims to me!!!
> > 
> > Additionally, that "fix" was simply the wrong thing to do, and there are
> > better ways to deal with the problem.  If the zeroing the buffer in db
> > was typical of the ways that others are "fixing" security, well...  Sad... :-(.
> 
> Ah John, ever eager to continue a flame war aren't you.
> 
Please refer to the message that I commented on...  I am NOT flaming,
simply stating an outsiders view of the unsubstantiated OpenBSD position.
BTW, what flame war?  Why are you bringing flamage up?

John
dyson@freebsd.org -- BSD with a heart, we offer to help.