Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
To: Jason Downs <downsj@teeny.org>
From: John S. Dyson <toor@dyson.iquest.net>
List: tech-userlevel
Date: 10/19/1996 01:26:31
>
> Ah, yes. I've been watching this thread with some amount of amusement, as
> have other OpenBSD developers.
>
> Yes, please back it out. I would rather have OpenBSD remain the most secure
> version of UNIX that money can't buy.
>
The THING about OpenBSD security is pretty much unsubstantiated. I think
that it is kind of funny (odd)... Very few outside of OpenBSD have been
provided with any kind of digest as to the security fixes... Sounds like
marketing claims to me!!!
Additionally, that "fix" was simply the wrong thing to do, and there are
better ways to deal with the problem. If zeroing the buffer in db
was typical of the ways that others are "fixing" security, well... Sad... :-(.
John
dyson@FreeBSD.org -- FreeBSD with a heart... We offer to help...