From: Giorgos Keramidas
To: jackoroses@gmail.com
Cc: freebsd-questions@freebsd.org
Date: Fri, 17 Dec 2010 17:31:49 +0100
Subject: Re: FreeBSD IPSec stack contains backdoors?

On Fri, 17 Dec 2010 10:36:39 -0500, Mike L wrote:
> On Fri, Dec 17, 2010 at 4:31 AM, Giorgos Keramidas wrote:
>> The FreeBSD security officer team has already written an official
>> response about this. Please have a look at:
>>
>> http://lists.freebsd.org/pipermail/freebsd-security/2010-December/005746.html
>
> Reads like an unacceptable response to an issue that seems quite critical.

On Fri, 17 Dec 2010 11:11:17 -0500, Mike Tancsa wrote:
> Strange, reads like a totally reasoned response to me to an issue that
> is somewhere between a practical joke and something critical. I will
> go with the SECTeam's assessment. They have a proven track record for
> assessing and dealing with security issues.

Mike L, unacceptable or not, this is the response of people who have been involved with FreeBSD security for a long time. I think their response is reasonable, given the out-of-scale proportions that the entire issue seems to have been blown into when magazine-style web sites picked it up and started 'decorating' the original email of Theo with their own view of what the message between the lines MIGHT have been.

The role of the security officer team is not to take an issue that has been blown entirely out of proportion and add to the FUD. It's their responsibility to handle security incidents on a fact-based basis, and there are very few "real facts" out there about this particular theory right now.

I don't know why you consider the security officer reply `unacceptable', but I'm relatively sure you will agree that they are quite sensible when they say:

    As always, anyone who believes that they have found a vulnerability
    affecting FreeBSD is requested to contact secteam at freebsd.org.

I think that's a quite reasonable, sensible and down to earth thing to say. The rest of what the interwebs seems to be writing about these particular allegations is, to the best of my current knowledge, just a conspiracy theory trying to become as public as possible.

I too will agree with Mike Tancsa. I'll go 100% with the SECTeam’s assessment. They have a proven track record for assessing and dealing with security issues.

------------------------------------------------------------------------
Note: Let's keep the email traffic of security-officer down a bit. They don't really have to get Cc: copies of *all* the email messages of all the people subscribed to freebsd-questions. It's probably annoying and it may even turn out to be a waste of their time, or even obstruct them from seeing other, really *important* stuff about security issues.
------------------------------------------------------------------------