From nobody Mon Mar 14 20:10:52 2022
X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 5B70C1A1E951
	for <freebsd-questions@mlmmj.nyi.freebsd.org>; Mon, 14 Mar 2022 20:10:54 +0000 (UTC)
	(envelope-from iio7@tutanota.com)
Received: from w1.tutanota.de (w1.tutanota.de [81.3.6.162])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits)
	 client-signature RSA-PSS (2048 bits))
	(Client CN "mail.tutanota.de", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4KHSMx4WH5z3JQr
	for <freebsd-questions@freebsd.org>; Mon, 14 Mar 2022 20:10:53 +0000 (UTC)
	(envelope-from iio7@tutanota.com)
Received: from w3.tutanota.de (unknown [192.168.1.164])
	by w1.tutanota.de (Postfix) with ESMTP id CC3FCFA03C5
	for <freebsd-questions@freebsd.org>; Mon, 14 Mar 2022 20:10:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1647288652;
	s=s1; d=tutanota.com;
	h=From:From:To:To:Subject:Subject:Content-Description:Content-ID:Content-Type:Content-Type:Content-Transfer-Encoding:Cc:Date:Date:In-Reply-To:MIME-Version:MIME-Version:Message-ID:Message-ID:Reply-To:References:Sender;
	bh=bR3GT5BW8q60TiNBQ+9ZUqR5t0l5wbetsjXcNFVoCws=;
	b=aJOSh4qqZfqDR+A9pRyn9dcNeilPSaSb7yRK/4MNQYxySpQ8h0ceV3VzSAAHEi7l
	X1PNL6MIudP0+j0/g2eY4Grpdb1ViYa7MVMfyyaGDrDth41c1vHlQvvCWSwuVYmRuEo
	epUMiJMvqjuOJrZOYDDGdk0qht34bMlQIj9kEgWUk92ri1aIM5hQYdq7SAw15J3nyQi
	wB4EEggo9f7xOtUhSktbrJiogwgozEzo8uJcVVqa3y0QBpKjtysrHxX6/tkV2RNPgSf
	NZHAd0FZogbn71ipG3TZzM95KOQ3IYPRpvOBFRe5bk8tVE0ni+/PUkbMq5Gxh+ENk3f
	ZEMsuiTVpA==
Date: Mon, 14 Mar 2022 21:10:52 +0100 (CET)
From: iio7@tutanota.com
To: Freebsd Questions <freebsd-questions@freebsd.org>
Message-ID: <My92WAE--3-2@tutanota.com>
Subject: I am worried about security in FreeBSD
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
Sender: owner-freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_Part_233802_236746365.1647288652825"
X-Rspamd-Queue-Id: 4KHSMx4WH5z3JQr
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=tutanota.com header.s=s1 header.b=aJOSh4qq;
	dmarc=pass (policy=quarantine) header.from=tutanota.com;
	spf=pass (mx1.freebsd.org: domain of iio7@tutanota.com designates 81.3.6.162 as permitted sender) smtp.mailfrom=iio7@tutanota.com
X-Spamd-Result: default: False [-4.00 / 15.00];
	 ARC_NA(0.00)[];
	 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	 R_DKIM_ALLOW(-0.20)[tutanota.com:s=s1];
	 RWL_MAILSPIKE_GOOD(0.00)[81.3.6.162:from];
	 R_SPF_ALLOW(-0.20)[+ip4:81.3.6.160/28:c];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	 PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 RCPT_COUNT_ONE(0.00)[1];
	 TO_DN_ALL(0.00)[];
	 DKIM_TRACE(0.00)[tutanota.com:+];
	 DMARC_POLICY_ALLOW(-0.50)[tutanota.com,quarantine];
	 FROM_NO_DN(0.00)[];
	 NEURAL_HAM_SHORT(-1.00)[-1.000];
	 MLMMJ_DEST(0.00)[freebsd-questions];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+,1:+,2:~];
	 RCVD_TLS_LAST(0.00)[];
	 ASN(0.00)[asn:24679, ipnet:81.3.0.0/18, country:DE];
	 RCVD_COUNT_TWO(0.00)[2];
	 MID_RHS_MATCH_FROM(0.00)[]
X-ThisMailContainsUnwantedMimeParts: N

------=_Part_233802_236746365.1647288652825
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

I have just finished reading through tons of security bug reports in the FreeBSD
bug report archive, and also normal bugs, and I am "scared" about the lack of
attention these issues get.

It's like no one "cares", or the few that does is simply overburden.


This proposal from 2018, with the problems it lists, still seems very valid:

https://web.archive.org/web/20210401214138/https://lists.freebsd.org/pipermail/freebsd-arch/2018-March/018892.html

Are any of you - who runs FreeBSD in production (please home labs, 
desktop/laptop use, don't reply) - not worried about the current state of affairs? Am
I missing something?

-- 
 Sent with Tutanota, the secure & ad-free mailbox. 

------=_Part_233802_236746365.1647288652825
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
<div>I have just finished reading through tons of security bug reports in the
 FreeBSD<br></div><div dir="auto">bug report archive, and also normal bugs, and I am "scared" 
about the lack of<br></div><div dir="auto">attention these issues get.<br></div><p>It's like no one "cares", or the few that does is simply overburden.<br></p><p>This
 proposal from 2018, with the problems it lists, still seems very valid:<br></p><div dir="auto"><a href="https://web.archive.org/web/20210401214138/https://lists.freebsd.org/pipermail/freebsd-arch/2018-March/018892.html" rel="noopener noreferrer" target="_blank">https://web.archive.org/web/20210401214138/https://lists.freebsd.org/pipermail/freebsd-arch/2018-March/018892.html</a><br></div><div dir="auto"><br></div><div dir="auto">Are
 any of you - who runs FreeBSD in production (please home labs, <br></div><div dir="auto">desktop/laptop use, don't reply) - not worried about the current state 
of affairs? Am<br></div><div dir="auto">I missing something?<br></div><div><br></div><div>-- <br></div><div> Sent with Tutanota, the secure &amp; ad-free mailbox. <br></div>  </body>
</html>

------=_Part_233802_236746365.1647288652825--