At 01:43 AM 8/14/2003, Kris Kennaway wrote:

>On Wed, Aug 13, 2003 at 11:25:04PM -0600, Brett Glass wrote:
>> CERT Advisory CA-2003-21 GNU Project FTP Server Compromise

>
>This never would have happened if they had used the BSDL!


Not true, of course. But on the other hand, the fact that FreeBSD
uses their code means that it may have integrated Trojaned source.
Another reason to avoid using code from a group that's not only
unethical and malicious but also careless about security.

Kris, as a member of FreeBSD's security team I hope you're checking
to make sure that Trojaned code was not included. (The most effective
way would, of course, be to remove the GNU code from FreeBSD, but while
I'd like to see that done it's probably too much to hope for.)

--Brett Glass

_______________________________________________
freebsd-chat@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
To unsubscribe, send any mail to "freebsd-chat-unsubscribe@freebsd.org"