Date: Mon, 8 Jun 2020 22:14:23 -0500 From: Valeri Galtsev <galtsev@kicp.uchicago.edu> To: "Kevin P. Neal" <kpn@neutralgood.org> Cc: Donald Wilde <dwilde1@gmail.com>, freebsd-questions@freebsd.org Subject: Re: freebsd vs. netbsd Message-ID: <6D6C21C3-C164-4652-B8F6-73B900471B97@kicp.uchicago.edu> In-Reply-To: <20200609024553.GB37422@neutralgood.org> References: <171506d5-19aa-359e-c21d-f07257c52ebd@freenetMail.de> <62d10000-e068-922e-23bd-f7a61e7a4e89@anatoli.ws> <ACE27C81-9437-41D6-BBD4-FA7A7B791428@kicp.uchicago.edu> <CAEC7392m%2B_AMfuLn-AgNzfWxgOFY=j_RrLaFFHtxHkeTjaR6%2Bg@mail.gmail.com> <637eed20-1326-dabf-ac9d-fac12a9dbaa5@kicp.uchicago.edu> <70c87d1a-a5d1-60ed-ef75-3a363bfd4c9e@kicp.uchicago.edu> <CAEC7391ym8hQbJie_hyds0NzVTfRV-L%2BaALmDw49GwjgU=T3XQ@mail.gmail.com> <20200609024553.GB37422@neutralgood.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Jun 8, 2020, at 9:45 PM, Kevin P. Neal <kpn@neutralgood.org> wrote: > > On Mon, Jun 08, 2020 at 09:29:56AM -0700, Donald Wilde wrote: >> On 6/8/20, Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote: >>> Still with utmost respect to OpenBSD for openSSH and general ultimate >>> security focused approach, >>> >> >> I think the fact that the other two root projects (NetBSD and FreeBSD) >> have included that code says it has all been audited at the highest >> level by people of equal capability. > > No, auditing isn't required for importing. > > Back around 1994 when OpenBSD started they started talking about how secure > they were. And then the port for the DEC Alpha stopped booting. When they > tracked down the bug they found that the OpenBSD guys had been importing > NetBSD code without looking at it. > > It was something along the lines of (in locore.s): > #ifdef OPENBSD > jmp 0 > #endif > > That's one example, and it's true it was in the mid-90's. It's just an > example to show my point. > > Importing the openssh code from OpenBSD just means it gets the job done > and is good enough. I doubt any FreeBSD developer has audited the OpenSSH > code, the OpenSSL code, the SQLite code, or any of the other medium-sized > projects that are in the FreeBSD tree now. The exceptions are probably > projects that were imported once and then developed in-tree afterwards, > like the IPv6 stack. > Thanks, Kevin. This was really instructive! Valeri > -- > Kevin P. Neal http://www.pobox.com/~kpn/ > > "What is mathematics? The age-old answer is, of course, that mathematics > is what mathematicians do." - Donald Knuth
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6D6C21C3-C164-4652-B8F6-73B900471B97>