From owner-freebsd-questions@FreeBSD.ORG Tue Sep 24 00:56:15 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id A44BB1CA for ; Tue, 24 Sep 2013 00:56:15 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from land.berklix.org (land.berklix.org [144.76.10.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 18C8F2561 for ; Tue, 24 Sep 2013 00:56:14 +0000 (UTC) Received: from mart.js.berklix.net (p57BCFD07.dip0.t-ipconnect.de [87.188.253.7]) (authenticated bits=128) by land.berklix.org (8.14.5/8.14.5) with ESMTP id r8O0u6k6006848; Tue, 24 Sep 2013 00:56:06 GMT (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41]) by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id r8O0tvCg005328; Tue, 24 Sep 2013 02:55:57 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (localhost.js.berklix.net [127.0.0.1]) by fire.js.berklix.net (8.14.4/8.14.4) with ESMTP id r8O0tcGl079985; Tue, 24 Sep 2013 02:55:44 +0200 (CEST) (envelope-from jhs@fire.js.berklix.net) Message-Id: <201309240055.r8O0tcGl079985@fire.js.berklix.net> To: freebsd-questions@freebsd.org Subject: Re: [FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days! From: "Julian H. Stacey" Organization: http://berklix.com BSD Unix Linux Consultancy, Munich Germany User-agent: EXMH on FreeBSD http://berklix.com/free/ X-URL: http://www.berklix.com In-reply-to: Your message "Mon, 23 Sep 2013 16:29:27 EDT." Date: Tue, 24 Sep 2013 02:55:38 +0200 Sender: jhs@berklix.com Cc: Brett Glass X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Sep 2013 00:56:15 -0000 Hi, Good points in Brett & Michael's posts, but for brevity not copied. Best avoid having code written & reviewed just in USA as it would get less trust globaly, NSA is a known alien mega spy, & USA even coerces non USA citizens outside USA, eg http://www.theguardian.com/world/2009/aug/01/gary-mckinnon-extradition-nightmare http://www.change.org/en-GB/petitions/ukhomeoffice-stop-the-extradition-of-richard-o-dwyer-to-the-usa-saverichard Best encourage FreeBSD sources to be used & suspiciously reviewed by a variety of programmers & mathematicians/ cryptologists from different backgrounds & countries; Max chance of loophole reporting with more people from a spectrum of countries with rival mutualy distrusting governments from such as eg { Britain, China, France, Germany, Israel, North Korea, Russia, Syria, USA } etc. Presumably nearly all of us are cluless on crypto. math. so meantime encourage involvement of citizens of at least a few different dis-trusting countries. Kernels perhaps have less reviewers than cross-OS S/W eg GPG & Open-SSH etc, so kernels might be target of choice of suborners ? Maybe FreeBSD Foundation could set up a cheap bonus scheme for security bugs exposed/ fixed - Special edition coffee mugs, non purchasable, sent only as a reward, posted globaly free. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com Reply below not above, like a play script. Indent old text with "> ". Send plain text. No quoted-printable, HTML, base64, multipart/alternative.