From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 09:03:56 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5342516A4DA for ; Fri, 11 Aug 2006 09:03:56 +0000 (UTC) (envelope-from freebsd4@fadesa.es) Received: from fuego.fadesa.es (fuego.fadesa.es [195.55.55.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5FEF143D45 for ; Fri, 11 Aug 2006 09:03:54 +0000 (GMT) (envelope-from freebsd4@fadesa.es) Received: (from root@localhost) by fuego.fadesa.es (8.9.3p2/8.8.8) id KAA27779 for ; Fri, 11 Aug 2006 10:57:23 +0200 Received: from tierra.fadesa.es(195.55.55.7) by fuego.fadesa.es Fri, 11 Aug 06 10:57:15 +0200 Received: from [195.55.55.6] (filemon.fadesa.es [195.55.55.6] (may be forged)) by tierra.fadesa.es (8.9.3p2/8.8.8) with ESMTP id LAA06819 for ; Fri, 11 Aug 2006 11:03:19 +0200 Message-ID: <44DC47D7.2050908@fadesa.es> Date: Fri, 11 Aug 2006 11:03:19 +0200 From: =?ISO-8859-1?Q?=22Jos=E9_M=2E_Fandi=F1o=22?= User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.13) Gecko/20060417 X-Accept-Language: gl, es, en MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <19518.1155238010@critter.freebsd.dk> In-Reply-To: <19518.1155238010@critter.freebsd.dk> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Logged: Logged by tierra.fadesa.es as LAA06819 at Fri Aug 11 11:03:19 2006 Subject: Re: atheros chips dangerous? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2006 09:03:56 -0000 Poul-Henning Kamp wrote: > In message <20060810130331.X94142@3jane.math.ualberta.ca>, Barkley Vowk writes: > >>On Thu, 10 Aug 2006, Poul-Henning Kamp wrote: >> >>>The Atheros driver in FreeBSD is maintained and compiled by Sam Leffler, >>>who has been around since BSD 4.2 in the early eighties sometimes. >>> >>>I trust Sam. >> >>I don't think that quite answers his question however. Its not so much a >>matter of trusting Sam, but a matter of trusting that Sam had enough >>access to the binary objects in question to have eliminated the errors in >>them. > > Sam compiled those binaries, he has the source code. > > And it is a matter of trust. from the phk's comments I deduce that it was a NDA between Atheros and FreeBSD. In my opinion the difference is that with NDA you place trust in a few persons (the ones with the code), whilst with open source drivers the code can be reviewed by all people with enough knowledge about the subject and since peer review is an important concept in FOSS quality (and security) it would be desirable to have free code. this answers to my question, thanks you.