Date: Wed, 15 Dec 2010 21:20:21 -0800 From: Rob Farmer <rfarmer@predatorlabs.net> To: Andy Kosela <akosela@andykosela.com> Cc: Johan van Selst <johans@stack.nl>, freebsd-security@freebsd.org Subject: Re: Allegations regarding OpenBSD IPSEC Message-ID: <AANLkTi=rTFha_EPfsHbBmMwtDArqK8ysPq2VUcV0=owT@mail.gmail.com> In-Reply-To: <AANLkTik2vAyyzU8tqGqURGd-8DO2=joBNabXCN_HgoVE@mail.gmail.com> References: <4d08a854.w8rPywliRhHs/MXH%akosela@andykosela.com> <20101215193315.GA41513@mud.stack.nl> <AANLkTik2vAyyzU8tqGqURGd-8DO2=joBNabXCN_HgoVE@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 15, 2010 at 14:09, Andy Kosela <akosela@andykosela.com> wrote: > Would you publically say: "yes, I was on the FBI payroll and planted > those backdoors". =A0Let's be honest here. Yes, let's. What is your motive for bringing up this issue? Are you on an intelligence agency's payroll, which has inserted backdoors into another OS (say Linux), and are trying to get people to switch from BSD? Can you prove this isn't true? The problem with this, and other conspiracy theories, is they are characterized by vague accusations that are hard to verify, one way or another. Governments (and virtually all large organizations) have done unethical things in the past and will do so in the future. As I see it, either this type of thing is widespread, in which all OSes (open and proprietary) are probably affected, or it is BS. Security experts may audit the code, but since they could be in on it, their results can't be trusted. And if you can't trust the reputation of the developers, then what? Audit the entire thing yourself? How many people have the time and skills to do so? There's nothing average people can do with these allegations, other than accept (without evidence) that those named are sleazes, which is unfair, to say the least - how does one prove they aren't involved in such a thing? And why should they have to? What happened to "innocent until proven guilty?" >=A0We need to witness what Greg > Perry has more to say about this. =A0If he claims this is true I guess > he still got the code for that -- let him publish it or at least point > us in the right direction in the OpenBSD source code. That should have been done at the start. --=20 Rob Farmer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=rTFha_EPfsHbBmMwtDArqK8ysPq2VUcV0=owT>