undefined | Better HN

0 pointscperciva7y ago0 comments

Balls were definitely dropped. My understanding of the Lazy FPU event is that (a) someone at Intel asked if OpenBSD signed NDAs and was told no, then shrugged their shoulders and didn't pursue it any further; and (b) someone at OpenBSD tried to get in touch with Intel, but didn't talk to the right people (Intel is very siloed), and didn't get anywhere.

I've witnessed conversations since then between Intel people and FreeBSD people basically consisting of FreeBSD people saying "you guys really need to include OpenBSD" and Intel people saying "yeah... can you help get us connected with the right people?" so I don't think it's fair to suggest that OpenBSD is being purposely excluded.

Is OpenBSD supposed to comply with secret terms

I think that OpenBSD should follow the norms of the security community, i.e., contacting other operating system vendors and coordinating disclosures -- regardless of how they come across a vulnerability.

0 comments

1 comments · 1 top-level

throwaway20487y ago

So whats the incentive for them to do so?

So that one day they might get invited to the cool kids secret club?

Not breaking embargoes doesn't seem to have done that for them yet.

Instead we get people like you FUDing about how they are unable to keep secrets and are justifiably being blocked from information.

I'd rather they look out for me, a user, than get the worst of both worlds, just because one day it might pay off.

these kind of memes last literally forever, in 10 years they will still be talking about how OpenBSD "broke" the KRACK embargo, and we shouldn't tell them anything.

j / k navigate · click thread line to collapse