Date: Mon, 18 Aug 2003 15:16:03 -0700 From: Benjamin Krueger <benjamin@seattlefenix.net> To: Brett Glass <brett@lariat.org> Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: All "GNU" software potentially Trojaned Message-ID: <20030818221603.GE10276@surreal.seattlefenix.net> In-Reply-To: <4.3.2.7.2.20030814124234.02a08540@localhost> References: <200308140525.XAA02934@lariat.org> <200308140525.XAA02934@lariat.org> <4.3.2.7.2.20030814124234.02a08540@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
* Brett Glass (brett@lariat.org) [030814 11:38]: > At 01:43 AM 8/14/2003, Kris Kennaway wrote: > > >On Wed, Aug 13, 2003 at 11:25:04PM -0600, Brett Glass wrote: > >> CERT Advisory CA-2003-21 GNU Project FTP Server Compromise > > > >This never would have happened if they had used the BSDL! > > Not true, of course. But on the other hand, the fact that FreeBSD > uses their code means that it may have integrated Trojaned source. > Another reason to avoid using code from a group that's not only > unethical and malicious but also careless about security. > > Kris, as a member of FreeBSD's security team I hope you're checking > to make sure that Trojaned code was not included. (The most effective > way would, of course, be to remove the GNU code from FreeBSD, but while > I'd like to see that done it's probably too much to hope for.) > > --Brett Glass Now Brett, just because you have a bug up your butt about the GPL doesn't mean you get the right to libel the folks who take care of it. -- Benjamin Krueger
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030818221603.GE10276>