From owner-freebsd-current Wed Feb 5 21:10:06 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id VAA08227 for current-outgoing; Wed, 5 Feb 1997 21:10:06 -0800 (PST) Received: from shell.wco.com (root@shell.wco.com [199.4.94.16]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA08176 for ; Wed, 5 Feb 1997 21:09:57 -0800 (PST) Received: from zellion.cyberwind.com (zellion.cyberwind.com [199.4.109.223]) by shell.wco.com (8.8.5/8.6.12) with ESMTP id VAA27820; Wed, 5 Feb 1997 21:09:19 -0800 (PST) Message-Id: <199702060509.VAA27820@shell.wco.com> From: "Jeffery T. White" To: "Craig Shaver" , "Jordan K. Hubbard" Cc: Subject: Re: Karl fulminates, film at 11. == thanks Date: Wed, 5 Feb 1997 21:15:10 -0800 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-current@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk I usually maintain a silent interest in this mailing list being just a end user of FreeBSD (2.1.5) how ever having copied all three threads off to the side and read them thoroughly I have a few comments: > The people here are working very hard and they are NOT paid for all > the extra hassle that this kind of security scare engenders (most are > not paid to deal with ANY FreeBSD related hassles). To heap abuse and > scorn on them for something they have given you for free strikes me as > both ungrateful and petty, and I hope to see a lot less of it in the > future or what joy I and others continue to derive from this project > will evaporate and you and others will have killed the golden goose > for its failure to lay eggs fast enough to your liking. > > Jordan This in my mind puts the whole thing in perspective, this is the Golden Goose and if someone hacks my system because of a bug and I have major problems well so what, the amount of time I spend fixing it doesn't even count as a rounding error to the time these people have contributed for free. If I had paid a bunch of money I might be pissed but I didn't... >From Karl in Question 2.1.7?: > and I note, HE asked for that time -- not me. But barring some kind of > RATIONAL resolution on this that I can see within the next two hours, > the announcements *ARE* going out to the general Internet community (at > roughly 8:00 PM tonight Chicago time). So what your saying Karl is your going to run out and in a effort to _get_ the FreeBSD team tell every hacker on earth how they can hack all the innocent 2.1.6 end-users? Do me a favor Karl, let me know what OSs and versions you _care_ (used very loosely!) about so I never use them, your kind of _help_ I can do without. For gods sake before you open expose all the 2.1.6 users take a moment to think! >From Karl in Question 2.1.7?: > What I'm demanding is that you ADMIT IT IS BROKEN, and help stop people > from being burned by it. You can't save the world, but you CAN mitigate > further damage. You do this by WARNING PEOPLE and giving them fair notice > *BEFORE* their disks get formatted or moles inserted into their systems > which 99% of the admins will NEVER find. The previous was sent 2 hours after Jordan wrote: > 1. We're going to roll another release to fix the problem. > I've talked it over with core and I'm only waiting on Joe > at this point to commit his proposed fix. > This sure sounds like an admission of a bug and a plan to fix, what exactly are you looking for when you say "ADMIT IT IS BROKEN" Karl? Do you want the people who work for free to grovel at your feet? Well I have said enough on the past. A few future things: Craig Shaver wrote: > I would like to help with some of this if possible. I could put in a > few hours to go through some of the code. I think I understand what > the problems are regarding buffer overflows. However, like many > people I have no idea of where to start, who is doing what, or who to Me Too! I've programmed professionally for years, I don't know all that much about the FreeBSD code and am not up on CVSUP -current but I'm willing to help in any way I can. I'll see what comes out on the list that I can look at. On a related note, now that the OJ thing basically is over, would anyone mind if I take all three of these threads and publish them? No soap opera or OJ trail ever came close to the passionate battle just waged, I'm sure I can make money selling this! ;-) | Jeffery T. White | email: zellion@cyberwind.com | | Cyberwind, The wind knows... | http://www.cyberwind.com