Date:      Wed, 12 Sep 2012 10:45:43 -1000
From:      Doug Barton <dougb@FreeBSD.org>
To:        John Baldwin <jhb@freebsd.org>
Cc:        Arthur Mesh <arthurmesh@gmail.com>, Ian Lepore <freebsd@damnhippie.dyndns.org>, freebsd-rc@freebsd.org, freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com>, Xin Li <delphij@delphij.net>
Subject:   Re: svn commit: r239569 - head/etc/rc.d
Message-ID:  <5050F477.8060409@FreeBSD.org>
In-Reply-To: <201209121628.18088.jhb@freebsd.org>
References:  <50453686.9090100@FreeBSD.org> <20120911082309.GD72584@dragon.NUXI.org> <504F0687.7020309@FreeBSD.org> <201209121628.18088.jhb@freebsd.org>

On 9/12/2012 10:28 AM, John Baldwin wrote:
> On Tuesday, September 11, 2012 5:38:15 am Doug Barton wrote:
>> I've said lots of times now that my FreeBSD time is limited, and THE
>> BURDEN OF PROOF IS ON YOU. If you think it's easy, whip it up. If you're
>> right, the truth will benefit all of us.
> 
> Having watched this thread mostly from the outside, I have to say this much:  
> this is a really ridiculous argument that works both ways.  Just because we
> don't have a documented vulnerability doesn't mean it doesn't exist either. 

So it's Ok to make serious changes to a system that has worked well for
12 years with no actual proof that there is a problem?

If I had gone in and changed a bunch of kernel structures because I was
convinced that we could do things better, wouldn't there be a chorus of
people screaming at me to provide proof of my claims?

> Also, you are clearly wrong about /dev/random dropping input and refuse to
> admit that. 

I have never said, "We are not dropping input." I have asked that the
claimed problem(s) be demonstrated so that we can apply the right
solution(s). Apparently Arthur has done this work, but has chosen to
only share it privately with secteam@. I await the results with bated
breath. :)

What I HAVE done is offer solutions that both address Arthur and David's
concerns about replay attacks without gutting the existing system. What
Arthur and David have done is repeat their position ad infinitum in
spite of my having pointed out equally often that they have misapplied
what they have read.

> To me that taints all your other claims and really weakens your 
> arguments.

Well lately everything I say is de facto wrong, so I'm not surprised
that you feel this way. :)

Doug



