On 2019-12-31 05:19, g...@isdaq.com wrote:
> he completely misses the mark.
> rather than think "hmm 75% of commits are only 20 chars or less which seem

Having watched the video now, that particular part of the talk is poor. He doesn't seem to even know that stable exists. My original thought was that there was mal intent. I think not now, unless it has been shaped by criticism.

It is a highly complex talk and I am sure there are parts where he is short on knowledge but got thrown in the deep end of making a talk comprehensive and trying to look as competent as possible. He could lose a bit of arrogance and is wrong in a few places. I don't actually even agree with his security quotes entirely; as with everything, it depends on context, like mitigations cannot be taken alone, without the context of other mitigations, older hardware etc. Though, I don't even agree with the security triangle entirely ;-) Perhaps I missed the point, but attacks not being currently used is a false metric as they could still be used, if allowed.

I think he has done quite well, considering, and clearly made an effort, surrounded by voices likely from competitive projects. He clearly has some knowledge around attack vectors. His biggest mistake is he should be asking questions, considering his limited knowledge of OpenBSD, and not making arrogant statements. It was an interesting talk at least, and re-evaluation is almost always useful.

OTOH, it may stem from attempting to make the case that if Linux does priv sep/drop, unveil and pledge then Linux is good and the Linux kernel is not an issue. If so, then that is a naive view. More likely, he is just in transition to OpenBSD :-)