From owner-freebsd-chat Wed Sep 4 23:44:36 1996
Return-Path: owner-chat
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA26166 for chat-outgoing; Wed, 4 Sep 1996 23:44:36 -0700 (PDT)
Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA26140 for ; Wed, 4 Sep 1996 23:44:32 -0700 (PDT)
Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id LAA00851; Wed, 4 Sep 1996 11:35:36 -0600 (MDT)
Date: Wed, 4 Sep 1996 11:35:36 -0600 (MDT)
Message-Id: <199609041735.LAA00851@rocky.mt.sri.com>
From: Nate Williams
To: Terry Lambert
Cc: dg@root.com, nate@mt.sri.com, darrend@novell.com, chat@freebsd.org
Subject: Re: FreeBSD vs. Linux 96 (my impressions) - Reply
In-Reply-To: <199609041726.KAA06713@phaeton.artisoft.com>
References: <199609040200.TAA03938@root.com> <199609041726.KAA06713@phaeton.artisoft.com>
Sender: owner-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> As to elitism in OpenBSD inre: the security fixes, I really think that
> depends on how you ask, doesn't it? One method is to confront the
> people involved (who happen to be involved there instead of FreeBSD or
> NetBSD because they believe they are granted a "moral high ground"
> by their involvement with OpenBSD). Because of the way humans work,
> this is unlikely to be a successful strategy; this should be obvious
> to even the most casual observer of human nature, and shouldn't take
> an observation from someone who mathematically models group dynamics
> to become readily apparent.
>
>
> An alternate approach to the problem of finding out what the security
> fixes are would be to ask their CVS log. This is permitted, encouraged,
> and has the side effect of removing the moral coloring from the answer
> you receive.

And also it's a lot more (completely un-necessary) work.

Theo: I fixed a security bug in OpenBSD that exists in every other OS
known to man, but I'm not telling you where in the system it is.
But, it's a baaaad bug, and you should be very scared of it.

Response:
# cvs co src
# find . -type f -print | xargs cvs log

Look through *every* single file in the system looking for 'security'
fix, which may/may not be logged as such to deter any casual observer
from seeing the bug, thus 'disclosing' the bug and making other systems
vulnerable because of OpenBSD's 'partial disclosure' policy.

Nate