> I'm not one to condone shitty attitudes. > > However, I think in this case it's unfair to claim that one can have > no expectations of OpenBSD with regards to security patches. If I > could have no such expectations, I would not use OpenBSD in the first > place.
Then don't. > I have these expectations based on a very impressive security > history for which the OpenBSD developers deserve much in the way of > praise. And we will continue to try to stay ahead of the curve. But please, bear with me, because I see you want to talk about expectations. Sure, let's talk about them. First off, in this case just like in some other cases, you can _expect_ to wait for a proper OpenBSD patch, since we are not solving this by using the ISC solution. There are reasons, and they are our private reasons. Meanwhile, I _expect_ that our developers will do a proper job, on their own time schedule. I also _expect_ that it will be the best solution to the problem. I don't _expect_ that any pressure from our users will change their process at all. I don't _expect_ that any of this will change any of the attitudes of people out there who are natural assholes, through and through, living lives of vocal _expectation_ without anything else to back them up. I don't _expect_ that any of them will go run some other operating system, either. I don't _expect_ that I would care if they did. I _expect_ they will remain assholes tomorrow, and next week, and next year too. I don't _expect_ that any of those whiners have the skills to simply go and get the stock bind from ISC themselves, install it on their openbsd systems, and undo all the other hard work we've done in this area. I _expect_ that these people have difficulty running make. I _expect_ that our developers will do the best job. And I don't _expect_ all of the people on our mailing lists to understand that. > Additionally, loyal OpenBSD users may be interested in the details of > the vulnerability disclosure. There very well maybe loyal OpenBSD > users who wish to very politely inform ISC that there are large > numbers of BIND users who would appreciate the same level of > cooperation between ISC and OpenBSD as ISC affords others. Again, I don't see how you can _expect_ the developers to care anything about this thing which you _expect_. If we have private discussions with ISC, then those are our private discussions. If you have reservations about some communications not being public or such, then I can see that you _expect_ way too much. Watch out -- having _expectations_ can lead to developing a shitty attidude really quickly. When you get to that point, you can _expect_ us to not give a shit.
