On 04/02/12 05:56, Tom Evans wrote:
> On Sat, Mar 31, 2012 at 3:42 AM, Richard Yao <r...@cs.stonybrook.edu> wrote:
>>> There are no security implications, no system resources to be wasted.
>>>
>>> And if you think there are security implications, then let's see a
>>> proof-of-concept.
>>
>> If I find time to write a proof-of-concept, I promise to publish it
>> publicly. Your security team will find out when everyone else does.
>
> Richard, I'm not sure what you are trying to accomplish here. You have
> had a clear explanation of why certain things are done in a certain
> way in the FreeBSD codebase, and a confirmation that they do not think
> it causes any security issues in FreeBSD.
>
> Your response is to threaten to write an exploit against FreeBSD, and
> distribute it publicly before disclosing to security@.

Some people believe that projects that do not take proper countermeasures against security vulnerabilities do not deserve to have special notification of issues. I happen to be one of them.

> Are you trying to be an ass? Someone disagrees with you on the
> internet, so you throw all the toys out the pram?

I suggest that you look at things from my perspective. I asked a simple question on your mailing list. I then received several private emails from various FreeBSD developers insulting my intelligence for the act of asking a question. Who is the "ass" here?