From owner-freebsd-security  Tue Oct  1 12:22:14 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 57DEE37B401
	for <security@FreeBSD.ORG>; Tue,  1 Oct 2002 12:22:12 -0700 (PDT)
Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DD7C643E4A
	for <security@FreeBSD.ORG>; Tue,  1 Oct 2002 12:22:11 -0700 (PDT)
	(envelope-from lomifeh@earthlink.net)
Received: from earthlink.net
 (bgp586692bgs.jdover01.nj.comcast.net [68.39.202.147])
 by mtaout03.icomcast.net
 (iPlanet Messaging Server 5.1 HotFix 1.4 (built Aug  5 2002))
 with ESMTP id <0H3B002K6HSYSX@mtaout03.icomcast.net> for security@FreeBSD.ORG;
 Tue, 01 Oct 2002 15:22:11 -0400 (EDT)
Date: Tue, 01 Oct 2002 15:22:10 -0400
From: Larry Sica <lomifeh@earthlink.net>
Subject: Re: Is FreeBSD's tar susceptible to this?
In-reply-to: <4.3.2.7.2.20021001122135.0344e410@localhost>
To: Brett Glass <brett@lariat.org>
Cc: Matt Piechota <piechota@argolis.org>,
	Aaron Namba <aaron@namba1.com>, security@FreeBSD.ORG
Message-id: <150AE1C1-D573-11D6-AD20-000393A335A2@earthlink.net>
MIME-version: 1.0
X-Mailer: Apple Mail (2.546)
Content-type: text/plain; charset=US-ASCII; format=flowed
Content-transfer-encoding: 7BIT
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Tuesday, October 1, 2002, at 02:23 PM, Brett Glass wrote:

> At 11:46 AM 10/1/2002, Matt Piechota wrote:
>
>> Fearing the off-topic avalanche that's going to come of this...
>>
>> Why the GPL?  It would have been just as likely to happen in BSD tar,
>
> It would be less likely, because the BSDs have more peer review and
> more careful auditing.
>

This is not because of the BSDL or GPL though.  It is because of the 
project's makeup.  Politics aside, a license has nothing to do with the 
quality of the work, or lack thereof.  And many *BSD and BSDL products 
have had security problems.  Now sure, the zlib problem was avoided.  
But FreeBSD has had it's own recent spate of problems.  I am not sure 
this discussion is even appropriate in this forum.  If we are 
vulnerable it needs to be fixed, period.  Let's not use a security 
problem for political maneuvering.

--Larry


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message