From: Doug Barton
Date: Wed, 12 Sep 2012 10:45:43 -1000
To: John Baldwin
Cc: Arthur Mesh, freebsd-rc@freebsd.org, obrien@freebsd.org, freebsd-security@freebsd.org, RW, Xin Li
Subject: Re: svn commit: r239569 - head/etc/rc.d

On 9/12/2012 10:28 AM, John Baldwin wrote:
> On Tuesday, September 11, 2012 5:38:15 am Doug Barton wrote:
>> I've said lots of times now that my FreeBSD time is limited, and THE
>> BURDEN OF PROOF IS ON YOU. If you think it's easy, whip it up. If you're
>> right, the truth will benefit all of us.
>
> Having watched this thread mostly from the outside, I have to say this much:
> this is a really ridiculous argument that works both ways. Just because we
> don't have a documented vulnerability doesn't mean it doesn't exist either.

So it's Ok to make serious changes to a system that has worked well for
12 years with no actual proof that there is a problem? If I had gone in
and changed a bunch of kernel structures because I was convinced that we
could do things better, wouldn't there be a chorus of people screaming
at me to provide proof of my claims?

> Also, you are clearly wrong about /dev/random dropping input and refuse to
> admit that.

I have never said, "We are not dropping input." I have asked that the
claimed problem(s) be demonstrated so that we can apply the right
solution(s). Apparently Arthur has done this work, but has chosen to
only share it privately with secteam@. I await the results with bated
breath. :)

What I HAVE done is offer solutions that both address Arthur and David's
concerns about replay attacks without gutting the existing system. What
Arthur and David have done is repeat their position ad infinitum in
spite of my having pointed out equally often that they have misapplied
what they have read.

> To me that taints all your other claims and really weakens your
> arguments.

Well lately everything I say is de facto wrong, so I'm not surprised
that you feel this way. :)

Doug