[GTALUG] interesting article on FreeBSD kernel almost getting dangerous code
James Knott
james.knott at jknott.net
Sun Mar 28 17:18:56 EDT 2021

Netgate did pay the programmer. Also, my understanding is that many
open source developers do the work while being paid by their employer to
do it.

On 2021-03-28 4:39 p.m., William Park via talk wrote:
> Solution: pay the testers and programmers.
>
> On 3/28/21 2:47 PM, D. Hugh Redelmeier via talk wrote:
>> <https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/>
>>
>> Summary: a WireGuard port to FreeBSD was sponsored by Northgate (pfSense
>> company). The port was of poor quality and dangerously so. Nobody caught
>> it until after pfSense was released with it, and just before FreeBSD
>> released it. The messenger was tortured, but not shot.
>>
>> Bonus: the guy who ported the code was a felon / bad landlord.
>>
>> Lesson: open source software does not get enough quality control.
>> Especially code that might affect security. Some Linux distros attempt QC
>> (e.g. RedHat) but I'm sure it is inadequate.
>> ---
>> Post to this mailing list talk at gtalug.org
>> Unsubscribe from this mailing list
>> https://gtalug.org/mailman/listinfo/talk