Date: Fri, 11 Aug 2006 12:53:33 -0400 (EDT) From: Wesley Morgan <morganw@chemikals.org> To: =?iso-8859-1?Q?Jos=E9_M=2E_Fandi=F1o?= <freebsd4@fadesa.es>, freebsd-security@freebsd.org Subject: Re: atheros chips dangerous? Message-ID: <20060811123921.K43265@volatile.chemikals.org> In-Reply-To: <38802.1155288265@critter.freebsd.dk> References: <38802.1155288265@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 11 Aug 2006, Poul-Henning Kamp wrote: > In message <44DC47D7.2050908@fadesa.es>, =?ISO-8859-1?Q?=22Jos=E9_M=2E_Fandi=F1 > o=22?= writes: > >>> Sam compiled those binaries, he has the source code. >>> >> And it is a matter of trust. >> >> from the phk's comments I deduce that it was a NDA between Atheros >> and FreeBSD. > > The NDA is between Atheros and Sam Leffler. > >> In my opinion the difference is that with NDA you place trust in >> a few persons (the ones with the code), whilst with open source >> drivers the code can be reviewed by all people with enough >> knowledge about the subject and since peer review is an important >> concept in FOSS quality (and security) it would be desirable >> to have free code. > > While that is certainly true, I also feel that the fact that > Atheros has actively tried to work with the FOSS people to get > a good driver should be credited to them. > > Other vendors have been totally impossible to work with. I agree, the Atheros driver is fantastic. The driver may be "binary" in some ways, but I think we got the best of both worlds. The vendor is providing every scrap of information necessary without having to give away trade secrets, and FreeBSD got a driver authored by a developer who is probably one of the most qualified people in the world to work on it. I know I go out of my way to purchase and recommend Atheros-based wireless devices because of this. Anyone who simply makes the blanket assumption that because something is "FOSS" that it gets more peer review need only to look at some of the oldest open source projects around, such as sendmail or XFree/Xorg, to realize that security problems can persist for years without being discovered. -- This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060811123921.K43265>