FreeBSD OpenSSH Hole? (opens in new tab)

(article.gmane.org)

50 pointsconformal12y ago12 comments

12 comments

11 comments · 5 top-level

Demiurge12y ago· 4 in thread

>Sometimes I feel a bit sorry for them (and for him), but then the next minute I don't feel sorry because there's damn good reasons they won't be told about what I found.

This is hard to believe, is this the leader of the OpenBSD project saying he won't tell anyone at FreeBSD if he finds a hole that affects every FreeBSD installation? Or am I misunderstanding that message?

aspidistra12y ago

Here's some previous, from de Raadt, Dec 2013:

"Basically, it is 10 years of FreeBSD stupidity. They don't know a thing about security. They even ignore relevant research in all fields, not just from us, but from everyone."

http://www.itwire.com/business-it-news/open-source/62641-cry...

Demiurge12y ago

He might think they're stupid, that's not hard to believe. What's hard to believe is that he's altruistic enough to work on a huge open source project, but not enough to inform someone else of a hole that would affect a lot of people.

jnbiche12y ago

Yeah, what is the world is this about? Can anyone clue us in?

matthewmacleod12y ago

Pretty straightforward — Theo De Raadt is quite a well-known "controversial" character, and he's pretty blunt with it, too. Remember, he's the guy who was punted from NetBSD for "[a] long history of rudeness towards and abuse of users and developers," and the guy who Linus Torvards described as "difficult."

He's also an astoundingly capable, effective and security-focused developer. This means that there's probably a hole in the FreeBSD distribution of OpenSSH that he's aware of any has not disclosed. Dickish behaviour, but that's his MO, so there's little to be surprised about.

1 more reply

jlgaddis12y ago· 1 in thread

See this e-mail from Bob Beck (of the OpenBSD Foundation):

http://article.gmane.org/gmane.os.openbsd.tech/35728

There is no security hole, he says.

roeme12y ago

This mail dates earlier than the OP linked. See http://thread.gmane.org/gmane.os.openbsd.tech/35722/ for a threaded view.

Sprint12y ago· 1 in thread

No, just someone crumpy about lack of funding.

pyvpx12y ago

yeah, I'd be grumpy too if everyone uses your SSH implementation and can't even be arse'd to buy a friggin' CD or a t-shirt...then pooh-pooh the entire OpenBSD project, probably over that very SSH implementation.

don't let reality hurt your tender sensibilities ;)

pvg12y ago

Context-free mailing list drama (starring Theo de Raadt)? Seems perfectly flagworthy.

icantthinkofone12y ago

Theo is Sloppy Mo: https://www.youtube.com/watch?v=MnXZB9SkS44

j / k navigate · click thread line to collapse