Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 08 Feb 1997 13:26:19 -0800
From:      Cy Schubert <cy@cwsys.cwent.com>
To:        "Stephen F. Combs" <CombsSF@Salem.GE.COM>
Cc:        Robin Melville <robmel@nadt.org.uk>, security@freefall.freebsd.org, jkh@freebsd.org, security-officer@freebsd.org
Subject:   Re: security-digest V3 #12 
Message-ID:  <199702082126.NAA04237@cwsys.cwent.com>
In-Reply-To: Your message of "Thu, 06 Feb 1997 10:49:00 EST." <XFMail.970206105125.CombsSF@Salem.GE.COM> 

next in thread | previous in thread | raw e-mail | index | archive | help
I don't want to speak for Jordan but I belive that the constant griping
and complaing by a few on this list may have had, in addition to the
reasons he outlined, something to do with his resignation as President of
the FreeBSD project.  I'm sure the core and development teams are doing
their best to provide a well written and secure operating system.  I for
one would like third your motion.  Keep up the good work.

My switch from Linux to FreeBSD approximately two years ago was for the very
reason that I could see a quality product being developed in the project in
a cohesive and coherent manner, (as opposed to the Linux model of many
independent and unrelated or semi-related projects).

I'd like to point out that my experience with free UNIX operating systems has
been more productive than with the commercial vendors.  The telnetd,
syslog(), and numerous sendmail bugs have usually taken the various
commercial vendors I deal with months to come out with patches.  A good
example is the syslog() bug.  It took one vendor three months, another
four months, and yet another six months to deliver patches to me, while
the FreeBSD project had a patch within a week of the bug's announcement.

The FreeBSD project is giving us better service than many of the vendors at
no or very little cost to us.

To you complainers:  Why are you intent on pissing off the FreeBSD core
and devlopment teams and ruining a good thing?  Do you want everyone who has
been developing this fine operating system to resign just like Jordan did? 
If they did we'd have to switch to other operating systems.  I've done that
too many times to want to do this again.  I'm sure most people on this list
would agree.

To those of you who insist on broadcasting exploits:  Would you not be
more effective in distributing these exploits to your intended audience
via #warez or #hackers?

To security-officer@freebsd.org:  Please relay my appreciation to the core
and development teams for all of the hard work they've put into making
FreeBSD as stable as it is.  I'm sure I speak for the majority of people who
use FreeBSD that we appreciate the effort, especially over the last few days
to fix the setlocale() bug.


Cy Schubert
cschuber@uumail.gov.bc.ca
cys@mailhost.wlc.com



> Hear, Hear!  I've been using FreeBSD since the first available pre-release
> snapshot and I've NO PROBLEMS with the core developers!  Jordan and the core
> team have been EXTREEMLY responsive to problems/security holes/etc.....
> Anything thought of by man can be circumvented by man!(don't remember WHO 
> was the originator of that but 'TIS TRUE!).
> 
> Guys (and gals, if there are any) KEEP UP THE GOOD WORK!
> 
> On 06-Feb-97 Robin Melville wrote:
> >As a careful follower of the security digest I feel moved to add a
> >pennyworth of complaint.
> >
> >I'm getting very tired of wading through the arrogant, hypercritical screeds
> >posted by some correspondents. 
> >
> >Any user of FreeBSD must be aware that it's an exeptional piece of work
> >provided by volunteers who work their butts off. Our organisation is
> >particularly grateful to them since it enables us to provide clinical IT
> >which we couldn't possibly afford to do if the only option was commercial
> >Unices/Novell/NT. 
> >
> >The setlocale() security hole is unfortunate, but I'm sure not unexeptional
> >in the context of any huge project written in C. Now it's known about and is
> >being/has been fixed. There will be others.
> >
> >Security holes are a problem but also a fact of life for all system
> >managers. I don't have any complaint about the (unpaid) work of the core
> >team in attempting to patch them as they arise. What /would/ be tiresome
> >would be the widespread dissemination of exploits to make a (malicious?) poi
nt.
>  
> >
> >Highly skilled hackers will probably always be able to get into systems,
> >this is also a fact of life. Telling (the much larger number) of less
> >skilled/inquisitive users exactly how to get a # seems to me to be
> >monstrously unhelpful. Unskilled hackers with root access are much more
> >likely to do considerable damage by mistake than a passing wizard "bagging"
> >your system or surreptitiously stealing CPU/disk space.
> >
> >If these correspondents have a personal beef with members of the FreeBSD
> >core team would they please conduct it with private email.
> >
> >Thanks.
> >
> >Robin Melville
> >--------------------------------------------------------
> >Robin Melville, Addiction & Forensic Information Service
> >Nottingham Alcohol & Drug Team (Extn. 49178)
> >Vox: +44 (0)115 952 9478  Fax: +44 (0)115 952 9421 
> >Email: robmel@nadt.org.uk
> >WWW:   http://www.innotts.co.uk/nadt/
> >---------------------------------------------------------
> >
> 
> ----
> Stephen F. Combs                 Internet:      CombsSF@Salem.GE.COM
> GE Industrial Systems            Voice:         540.387.8828
> Network Services                 Home:          CombsSF-Home@Salem.GE.COM
> 1501 Roanoke Blvd                FAX:           540.387.7106
> Salem, VA  24153                 LapTop:        CombsSF-Mobile@Salem.GE.COM 
> 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702082126.NAA04237>