From owner-freebsd-arch Thu Jul 19 12:30:21 2001 Delivered-To: freebsd-arch@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-215.dsl.lsan03.pacbell.net [63.207.60.215]) by hub.freebsd.org (Postfix) with ESMTP id 6C6C137B401; Thu, 19 Jul 2001 12:30:18 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 8B19766C4D; Thu, 19 Jul 2001 12:30:16 -0700 (PDT) Date: Thu, 19 Jul 2001 12:30:16 -0700 From: Kris Kennaway To: David O'Brien Cc: Kris Kennaway , Mike Heffner , arch@FreeBSD.ORG Subject: Re: Importing lukemftpd Message-ID: <20010719123015.A44746@xor.obsecurity.org> References: <20010717103604.B79329@xor.obsecurity.org> <20010719112221.A84356@dragon.nuxi.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010719112221.A84356@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Thu, Jul 19, 2001 at 11:22:21AM -0700 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jul 19, 2001 at 11:22:21AM -0700, David O'Brien wrote: > > but it is not to become the default ftpd until I've > > signed off on it. >=20 > Are you now holding all daemon hostage? I think you're being too strong > on this statement. If this is going to be the case, please document that > from now on daemon changes (or new ones) must be pre-approved by the S.O. You're being facetious. We've had this conversation many times before and I'm not saying anything new to you now that I haven't said before. I know you don't like it, but as security officer I get to make that decision. > > We now have funding to perform in-depth auditing > > work on FreeBSD, so I think this would be achieved in a reasonable > > timeframe (probably by 5.0-RELEASE). >=20 > I want a _commitment_ for 5.0-RELEASE. I provide pointers to the source, > explained the advantages of doing this; and still none of them reviewed > the source. So lets set a timeline that your auditors have until > November 1st to audit this. On November 1st we go live with LukeM ftpd. I can't give you a commitment, but this is going to be my top priority to request once we figure out this funding thing. It will get done. Kris --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7VzVHWry0BWjoQKURApE+AKDJlvwr9CPxJij+MRmlEwiXSh3t3ACdHSEV NQUk+gvYA6isT9Q5grmFGvs= =Bi7U -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message