Date: Wed, 7 Mar 2018 07:31:33 -0800 (PST)
From: Roger Marquis
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-18:02.ntp
In-Reply-To: <5131394d-c614-229a-8966-aa3ebaca74b2@nwtime.org>

Harlan Stenn wrote:
> I still think y'all write great security advisories, and I keep aiming
> to get our "originals" up to your quality.

High quality work to be sure. It is still unfortunate that time had to be wasted on this (and other ntpd advisories). Much time and insecurity could have been saved by migrating ntpd to ports and openntpd to base.

One too many cases exactly like this are why OpenBSD and HardenedBSD forked of course, but it is still not at all clear why openntpd and other tested and proven security changes haven't been pulled in to FreeBSD.

Roger Marquis