Re: Microsoft Cries Wolf ( again )

[Shawn McMahon <smcmahon () eiv com>]

On Tue, Jul 01, 2003 at 05:58:10PM -0500, Schmehl, Paul L said:
> before code is released.  (OpenBSD has been doing this for years, and
> look at the results.)

Trojaned release of OpenSSH because the project leader ran a
horribly-coded IRC client on the CVS server?  A string of exploits in
OpenSSH?

What they're doing is necessary, but it's not sufficient.  Call it a
good step one.  (And lest anybody think I'm flaming OpenBSD here, it's a
step one that hardly anybody else has taken.  They're way ahead of the
curve.)

Step two is probably reducing complexity, but I'm a weak coder so
I'll shut the eff up now.


-- 
Shawn McMahon     | Let every nation know, whether it wishes us well or ill,
EIV Consulting    | that we shall pay any price, bear any burden, meet any
UNIX and Linux    | hardship, support any friend, oppose any foe, to assure
http://www.eiv.com| the survival and the success of liberty. - JFK

Attachment: _bin
Description: