, 2006-01-18
A recently announced weakness in the BSD securelevel system isn't going to be fixed in OpenBSD. While securelevel may have problems, the vendor's security response is unacceptable and doesn't fit with their stated goals.
Expand all |
Post comment
How not to respond to a security advisory
2006-01-19
Miles (3 replies)
Miles (3 replies)
How not to respond to a security advisory
2006-01-25
Michael Favinsky (1 replies)
Michael Favinsky (1 replies)
OpenBSD didn't choose to "let it die on the vine" (it still ships, vulnerability-and-all). They just aren't fixing it because it's one less security bug for them to admit to.
Your post is typical of the attitude of Theo and a few other OpenBSD devs -- an attitude that ultimately renders the project's stated goal of a more secure system more difficult to achieve.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/380/33026#33026