From owner-freebsd-security Mon Jun 24 23:25:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by hub.freebsd.org (Postfix) with ESMTP id CBB5837B407 for ; Mon, 24 Jun 2002 23:25:21 -0700 (PDT) Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id QAA01010; Tue, 25 Jun 2002 16:25:19 +1000 (EST) From: Darren Reed Message-Id: <200206250625.QAA01010@caligula.anu.edu.au> Subject: Re: Hogwash To: ahl@austclear.com.au (Tony Landells) Date: Tue, 25 Jun 2002 16:25:18 +1000 (Australia/ACT) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <200206250556.PAA07738@tungsten.austclear.com.au> from "Tony Landells" at Jun 25, 2002 03:56:54 PM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In some mail from Tony Landells, sie said: [...] > If you expect a volunteer group to provide you with iron-clad secure > products, or to fix any found problems instantly, I think you're being > somewhat unrealistic. [...] This *is* what they claim to do. Personally, I think their claims are unrealistic and all the hype about "software audit" is just that - hype. If the OpenSSH team are working with ISS on a fix then it seems to me that ISS found this problem, not the OpenSSH team. Why did the audit by the OpenSSH team miss this problem ? Isn't this what their code audits are meant to find - security bugs ? What benefit are we *really* getting from their "code audits" ? Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message