On Fri, 11 Aug 2006, Poul-Henning Kamp wrote:
In my opinion the difference is that with NDA you place trust in a few
persons (the ones with the code), whilst with open source drivers the code
can be reviewed by all people with enough knowledge about the subject and
since peer review is an important concept in FOSS quality (and security) it
would be desirable to have free code.
While that is certainly true, I also feel that the fact that Atheros has
actively tried to work with the FOSS people to get a good driver should be
credited to them.
Other vendors have been totally impossible to work with.
Something worth observing here is that many modern device drivers, especially
more complex cards with significant offload of functionality to the card, have
closed source components -- the firmware for the device. The HAL is a tiny
wrapper around programming of a few very specific elements of the hardware
behavior to do with software radio power/frequency, etc. Compared to the size
of the closed source chunk in the firmware of many device drivers (ipw, many
RAID controllers, etc, for example), it is miniscule, and is reviewed and
maintained by an open source person. You could argue that this is
significantly more forthcoming than many other vendors, for whom firmware
binaries are entirely closed source.
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
