From owner-freebsd-security@freebsd.org  Mon Dec 17 15:26:56 2018
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B9A071342FC7
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Mon, 17 Dec 2018 15:26:56 +0000 (UTC)
 (envelope-from marquis@roble.com)
Received: from mx5.roble.com (mx5.roble.com [209.237.23.5])
 (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits))
 (Client CN "mx5.roble.com", Issuer "mx5.roble.com" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 07CE872B34
 for <freebsd-security@freebsd.org>; Mon, 17 Dec 2018 15:26:55 +0000 (UTC)
 (envelope-from marquis@roble.com)
Received: from roble.com (roble.com [209.237.23.50])
 by mx5.roble.com (Postfix) with ESMTP id 6DD788514D
 for <freebsd-security@freebsd.org>; Mon, 17 Dec 2018 07:26:54 -0800 (PST)
Date: Mon, 17 Dec 2018 07:26:54 -0800 (PST)
From: Roger Marquis <marquis@roble.com>
To: freebsd-security@freebsd.org
Subject: Re: SQLite vulnerability
In-Reply-To: <CA+QLa9D4vC7ZOEHV0zPMzAE_dubM9msdaW_Ag-igJe7aubD2oA@mail.gmail.com>
Message-ID: <nycvar.OFS.7.76.444.1812170708140.59073@mx.roble.com>
References: <nycvar.OFS.7.76.444.1812160753280.5993@mx.roble.com>
 <CA+QLa9D4vC7ZOEHV0zPMzAE_dubM9msdaW_Ag-igJe7aubD2oA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
X-Rspamd-Queue-Id: 07CE872B34
X-Spamd-Bar: +++
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [3.61 / 15.00]; ARC_NA(0.00)[];
 FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 NEURAL_SPAM_SHORT(0.87)[0.871,0]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1];
 NEURAL_SPAM_MEDIUM(0.92)[0.916,0]; RCVD_TLS_LAST(0.00)[];
 MX_GOOD(-0.01)[cached: mx4.roble.com];
 NEURAL_SPAM_LONG(0.95)[0.950,0]; DMARC_NA(0.00)[roble.com];
 R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:17403, ipnet:209.237.0.0/18, country:US];
 RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(-0.02)[country: US(-0.08)]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2018 15:26:56 -0000

Robert Simmons acerbically replied:
> Since you may not read that essay on open source software, here is the
> salient point for you:
>   - For users: remember when filing an issue, opening a pull request or
>   making a comment on a project to be grateful that people spend their free
>   time to build software you get to use for free. Keep your frustrations and

The problem with Robert Simmons' line of reasoning:

  a) keeping vulxml up to date is a fixable problem, and

  b) ignoring the critical role of FreeBSD's security teams will only
     result in FreeBSD boxes being hacked and end-users migrating to
     Linux.

Considering the lack of technical or logical arguments being made
against, for example, larger security teams or security team funding
(after all, we're only talking about timely entries in the vulnerability
database) it would not be unreasonable to conclude that opposition
viewpoints are simply Linux advocates.

Roger Marquis