Theo de Raadt on OpenSSH security flaws
Posted Apr 1, 2006 2:31 UTC (Sat) by Shanep (guest, #36879)
In reply to: Theo de Raadt on OpenSSH security flaws by jmtapio
Parent article: Interview: Theo de Raadt of OpenBSD (NewsForge)
I must say I find this comment disturbing even from Theo de Raadt. The idea of trying to
withhold information about security problems does not belong to free software, especially to
such critical free software.
Now hang on just a second. Theo is referring to SunSSH here, a separate branch which Sun have
chosen to fork and develop for themselves and yet don't even donate a cent to him. Theo should
not be expected to audit Sun's source for bugs, when they have incredible amounts of money
and resources to do it themselves. Sun can watch the OpenSSH advisories and audit their own
SunSSH.
There is no lack of full disclosure here. Theo discloses information about OpenSSH and Sun is
free to listen to that, ignore it and continue to make a complete mess of SunSSH. Why should
Theo and the OpenSSH project hold Sun's hand on SUN'S OWN SOFTWARE when Sun gives
NOTHING back?
I thought the point with the BSD license was supposed to be that it does not require
corporations to give back to the community.
That's right. The software is given away for free and corporations do not have to give back code
changes or money. However, OpenSSH is important and costs money to develop. With the savings
the corporations have made by using OpenSSH and with the future of OpenSSH being in
everyone's best interests, including that of the corporations, donations from those who can most
afford it would help retain the bright future of OpenSSH.
Theo is just as free to request donations, as the users are free to deny him that. But if people
hold any value in OpenSSH and its future, they'll donate. It's the least people can do when you
consider all the time and effort people have put into OpenSSH for free.