I do not believe that they are specifically ignoring OpenBSD; I believe they are ignoring the BSDs in general. Perhaps someone notified FreeBSD, but nobody notified the DragonFly BSD team either.

On 06/05/2014 09:27 PM, Theo de Raadt wrote:
> There are two main open-source processes for dealing with discovery of
> security issues and disclosure of that information to the greater
> community.
>
> - One common process is that generally followed by OpenBSD. In this
> process a bug is found, and a fix is committed as soon as the
> improvement is known to be good. Then if an assessment has been done, and
> it is determined to be important, disclosure occurs, of course after
> the commit is already public. Everyone including the vendors had the
> opportunity to get the information in a fair and equal way.
>
> - The other main process, used by some open source groups, is to
> quarantine important repairs. A fix is first disclosed to all affected
> parties, or at least the right concerned subset. This creates a delay
> before information availability, but the coordination is intended to
> provide a benefit. Everyone generally gets the information in a fair
> and equal way.
>
> Both processes have their place. Each software group has their own
> limitations and needs which will drive their selection.
>
>
> It is clear that the second process -- intending to also take an ethical
> path for disclosure -- should not specifically exclude a part of the
> community.
>
>
> Unfortunately I find myself believing reports that the OpenSSL people
> intentionally asked others for quarantine, and went out of their way
> to ensure this information would not come to OpenBSD and LibreSSL.
>
> There, I've said it.