Date: Sat, 19 Oct 1996 01:26:31 -0500 (EST) From: "John S. Dyson" <toor@dyson.iquest.net> To: downsj@teeny.org (Jason Downs) Cc: ache@nagual.ru, dg@root.com, gritton@byu.edu, freebsd-hackers@freebsd.org, tech-userlevel@netbsd.org, misc@openbsd.org Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c Message-ID: <199610190626.BAA02729@dyson.iquest.net> In-Reply-To: <199610190139.SAA12584@threadway.teeny.org> from "Jason Downs" at Oct 18, 96 06:39:15 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > Ah, yes. I've been watching this thread with some amount of amusement, as > have other OpenBSD developers. > > Yes, please back it out. I would rather have OpenBSD remain the most secure > version of UNIX that money can't buy. > The THING about OpenBSD security is pretty much unsubstantiated. I think that it is kind of funny (odd)... Very few outside of OpenBSD have been provided with any kind of digest as to the security fixes... Sounds like marketing claims to me!!! Additionally, that "fix" was simply the wrong thing to do, and there are better ways to deal with the problem. If the zeroing the buffer in db was typical of the ways that others are "fixing" security, well... Sad... :-(. John dyson@FreeBSD.org -- FreeBSD with a heart... We offer to help...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610190626.BAA02729>