you sat tomato, ddwrt or openWRT ?

[D. Hugh Redelmeier]

| From: Jamon Camisso <jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org>

| > In particular, one comment directed me to this dd-wrt forum thread
| > <http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783&postdays=0&postorder=asc&start=0>
| > After reading it I don't think I'll run dd-wrt.
| 
| Why not? The main developer actively responded in the thread, most devs don't even bother lurking on their project's forums.
| 
| That thread is also from 2 years ago -- if it was all that bad I'd expect the project would have folded by now, but it hasn't. So, honest mistake, that was corrected, more than 2 years ago, no reason to write off the whole project.

A proper approach to security does not involve quietly fixing a bug in
the next release.  It involves:

- announcing the problem quickly, widely, and clearly.  Including any
  work-arounds

- quickly issuing a fix.  But not too quickly: too much haste may well
  create new security holes or other bugs.

- investigating why the problem was created: when there is one
  problem, there is often another

- a certain level of humility

None of these were done in this case.  Even when prompted, all that
resulted was push-back.

Security is very high on my list of requirements for a router because
it is usually the most exposed attack surface in my world.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists