From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 18:50:02 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E05616A4E5 for ; Fri, 11 Aug 2006 18:50:02 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx24.fluidhosting.com [204.14.89.7]) by mx1.FreeBSD.org (Postfix) with SMTP id DEE6843D49 for ; Fri, 11 Aug 2006 18:50:01 +0000 (GMT) (envelope-from dougb@FreeBSD.org) Received: (qmail 2923 invoked by uid 399); 11 Aug 2006 18:50:01 -0000 Received: from localhost (HELO ?192.168.0.3?) (dougb@dougbarton.us@127.0.0.1) by localhost with SMTP; 11 Aug 2006 18:50:01 -0000 Message-ID: <44DCD156.6030108@FreeBSD.org> Date: Fri, 11 Aug 2006 11:49:58 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 1.5.0.5 (X11/20060729) MIME-Version: 1.0 To: Wesley Morgan References: <38802.1155288265@critter.freebsd.dk> <20060811123921.K43265@volatile.chemikals.org> In-Reply-To: <20060811123921.K43265@volatile.chemikals.org> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, =?ISO-8859-1?Q?=22Jos=E9_M=2E_Fandi=F1o=22?= Subject: Re: atheros chips dangerous? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2006 18:50:02 -0000 Wesley Morgan wrote: > I agree, the Atheros driver is fantastic. The driver may be "binary" in > some ways, but I think we got the best of both worlds. The vendor is > providing every scrap of information necessary without having to give > away trade secrets, and FreeBSD got a driver authored by a developer who > is probably one of the most qualified people in the world to work on it. > I know I go out of my way to purchase and recommend Atheros-based > wireless devices because of this. > > Anyone who simply makes the blanket assumption that because something is > "FOSS" that it gets more peer review need only to look at some of the > oldest open source projects around, such as sendmail or XFree/Xorg, to > realize that security problems can persist for years without being > discovered. I can't resist the urge to add a "me too" on all points here, especially the part about going out of my way to use and recommend Atheros bits. These guys are a model for how hardware vendors can successfully interact with the open source community for mutual benefit. Doug -- This .signature sanitized for your protection