From owner-freebsd-security Sun May 21 19:54:10 2000 Delivered-To: freebsd-security@freebsd.org Received: from berlin.atlantic.net (berlin.atlantic.net [209.208.0.20]) by hub.freebsd.org (Postfix) with ESMTP id C529C37C050; Sun, 21 May 2000 19:54:02 -0700 (PDT) (envelope-from bobj@atlantic.net) Received: from mail.atlantic.net (mail.atlantic.net [209.208.0.71]) by berlin.atlantic.net (8.9.3/8.9.3) with ESMTP id WAA18790; Sun, 21 May 2000 22:58:28 -0400 Received: from bsd.cisi.com (ocalflifanb-as-1-r1-ip-574.atlantic.net [209.208.17.66]) by mail.atlantic.net (8.9.3/8.9.3) with ESMTP id WAA08966; Sun, 21 May 2000 22:53:57 -0400 Received: from nancy.cisi.com (nancy.cisi.com [192.168.0.131]) by bsd.cisi.com (8.9.3/8.9.3) with SMTP id WAA74328; Sun, 21 May 2000 22:51:49 -0400 (EDT) (envelope-from bobj@atlantic.net) Message-Id: <3.0.6.32.20000521225111.0083bb10@rio.atlantic.net> X-Sender: bobj@rio.atlantic.net X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Sun, 21 May 2000 22:51:11 -0400 To: rwatson@FreeBSD.org From: Bob Johnson Subject: NAI, PGP, and FreeBSD (was Re: HEADS UP: New host key for freefall!) Cc: security@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Date: Thu, 18 May 2000 11:31:53 -0400 (EDT) >From: Robert Watson >Subject: Re: HEADS UP: New host key for freefall! > >On Thu, 18 May 2000, Martin Machacek wrote: > >> On 17-May-00 Garrett Wollman wrote: >> > Perhaps all the FreeBSD people are using either 2.6.2 or GnuPG, so >> > they really don't care whether the commercial product exists or not. >> > I use GnuPG, personally, since then I don't have to worry about any >> > licensing issues at all. >> >> I'm using Linux version of PGP 6.5.2 on FreeBSD 3.3 without any >> problems. Maybe that's another reason ... > >For all interested: I contacted the appropriate NAI/PGP developers to find >out about a native FreeBSD build a few weeks ago. The response was that >they have seen zero (0) demand for a FreeBSD build, and therefore don't B.S. - I asked their sales droids about it within the past two months. >believe there is a substantial market to support a porting effort. I >would tend to believe it's one of these, ``If you don't build it, they >won't come'' kind of things, as well as that the communication channels >between sales and development on that side are quite weak--prior to >joining NAI, I spent literally hours on the phone trying to register my >copy of PGP and failed to give them money :-(. I think this is a significant issue. I decided a year ago that it was useless to contact NAI about anything, so I don't bother. I spent five months trying to renew + upgrade a 200 user license and never got anywhere. I'd rather give my money to someone who cares. I've since changed jobs, and at my new one I attended a presentation by NAI-affiliated sales droids who were trying to convince us to use them for a 20,000-node site license. I asked them if they supported FreeBSD. They laughed and said "no". Didn't make me inclined to support them, particularly since some of the other companies looking for our business seemed much more interested in (and capable of) supporting Unix in general. > >However, I think an organized campaign here would make a difference--if >your company has an NAI/PGP sales rep, let them know that you're >interested in a native FreeBSD build. In particular, let them know if you >are willing to spend money--there's no point in building a visible demand >that falls through on the sales side, making it less likely to happen next >time :-). I already did that. As I said above, they laughed. And apparently didn't pass the word up the line. The sales droids (for any AV vendor) seem to have a hard time understanding why they should support an O/S that is installed on so few computers. I've tried to explain to them that, for example, when I set up a mail server to support 200 Windows systems, it runs FreeBSD. By supporting a FreeBSD mail server, they aren't just supporting one computer, they are supporting hundreds of computers. If they happen to be a company that supports some variation on Unix, they usually ask why I don't use that (usually Linux or Solaris). I tell them I use FreeBSD because I'd rather use a server whose developers have been thinking about security for years rather than months. Their strategy is to support the OS that they perceive to have the most users. The users, of course, tend to select the OS that they perceive as supported by the most vendors. The result is a sort of drunkard's walk in which the random noise generated by "journalists" who write articles based on a week of "evaluations" decides who is going to support what. If the vendors would instead support the OS best suited to the job, the users would tend to follow them. In any case, my experience with NAI suggests that we would be better off putting our energy into convincing just about any other AV vendor to support FreeBSD. What good does it do us for NAI to support FreeBSD if we can't actually buy their products? > > Robert N M Watson > >robert@fledge.watson.org http://www.watson.org/~robert/ >PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 >TIS Labs at Network Associates, Safeport Network Services > - Bob +-------------------------------------------------------- | Bob Johnson | bobj@atlantic.net +-------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message