This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Brm0le8XSWtQUgIkcvVj5GvFmEXSX9kNh Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 4/14/2014 7:32 AM, Jamie Landeg-Jones wrote: > Matt Dawson <[email protected]> wrote: >=20 >> My first thought when I saw this was "ego over ethics," which says mor= e >> about Theo than FreeBSD. >=20 > Totally. >=20 > I know Theo has a reputation for being 'difficult', but in my opinion, > this outburst really calls into question his perceived motivations > regarding secure software. >=20 > As to the specific question, I don't think his ego would allow a bug > in openssh to persist, so even if it does, I'd suspect it's not too > serious (or it's non-trivial to exploit), and it's related to FreeBSD > produced 'glue'. >=20 > This is total guesswork on my part, but I'd therefore assume he was > talkining about openssh in base, rarther than openssh-portable in > ports. >=20 As the maintainer of the port I will say that your security decreases with each OPTION/patch you apply. I really would not be surprised if one of the optional patches available in the port had issues. --=20 Regards, Bryan Drewery --Brm0le8XSWtQUgIkcvVj5GvFmEXSX9kNh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTUiGGAAoJEDXXcbtuRpfPTNoIANblIe8v5jAl4QNT8FapyKtw 0SN5a0qHyLKPGhE1gTBsiZabM/B3hR1d62ph0U4L+fGv/+pBlaO1KmGBg5Oekjf8 MzTEJPC7veQeEFCZDgu0hVTiPYLAA0MtwmSkxgVu8Dppm3pDE/07mj/sZvW+kMSA vxWLg+xmJq4SjbW3srA0kHHOw9a22wIIQMiGXmNAruLlXa49eWzDRUXfpkX/3S0D 0/ks4AgQ2FC+62MY/FG4waOjVWtX7zamPDSk+JmgRVFPlaDdRirTpmqIR91aFeud 1mlpV4VUAvDxeSTjk5bKV4kD+nCg2IpXaTo14fXDFk7B1fnihOPPZul483LcuJk= =5Okr -----END PGP SIGNATURE----- --Brm0le8XSWtQUgIkcvVj5GvFmEXSX9kNh--