From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 09:24:28 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D53216A4DD for ; Fri, 11 Aug 2006 09:24:28 +0000 (UTC) (envelope-from phk@phk.freebsd.dk) Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222]) by mx1.FreeBSD.org (Postfix) with ESMTP id C490C43D6A for ; Fri, 11 Aug 2006 09:24:27 +0000 (GMT) (envelope-from phk@phk.freebsd.dk) Received: from critter.freebsd.dk (critter.freebsd.dk [192.168.48.2]) by phk.freebsd.dk (Postfix) with ESMTP id D59C61703F; Fri, 11 Aug 2006 09:24:25 +0000 (UTC) To: =?ISO-8859-1?Q?=22Jos=E9_M=2E_Fandi=F1o=22?= From: "Poul-Henning Kamp" In-Reply-To: Your message of "Fri, 11 Aug 2006 11:03:19 +0200." <44DC47D7.2050908@fadesa.es> Date: Fri, 11 Aug 2006 09:24:25 +0000 Message-ID: <38802.1155288265@critter.freebsd.dk> Cc: freebsd-security@freebsd.org Subject: Re: atheros chips dangerous? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2006 09:24:28 -0000 In message <44DC47D7.2050908@fadesa.es>, =?ISO-8859-1?Q?=22Jos=E9_M=2E_Fandi=F1 o=22?= writes: >> Sam compiled those binaries, he has the source code. >> > And it is a matter of trust. > >from the phk's comments I deduce that it was a NDA between Atheros >and FreeBSD. The NDA is between Atheros and Sam Leffler. >In my opinion the difference is that with NDA you place trust in >a few persons (the ones with the code), whilst with open source >drivers the code can be reviewed by all people with enough >knowledge about the subject and since peer review is an important >concept in FOSS quality (and security) it would be desirable >to have free code. While that is certainly true, I also feel that the fact that Atheros has actively tried to work with the FOSS people to get a good driver should be credited to them. Other vendors have been totally impossible to work with. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.