FUD is not needed here
Posted Mar 14, 2007 20:20 UTC (Wed) by ajross (subscriber, #4563)
In reply to: FUD is not needed here by mheily
Parent article: A second remote hole for OpenBSD
Do you have any evidence to back up your "psychological analysis" of
them?
As explained: they apparently tried to "cover up" a serious
security issue as a denial of service. I suggested that the reason
might be because they were afraid of having to increment their "Only N
holes" counter. That seems like a reasonable line of argument to me.
There is some factual evidence (click on the link above), that I
combined with other facts (the "Only N holes" marketing slogan) to
suggest a hypothesis (the "psychological analysis").
Now, you may not agree with me, and I may be wrong, but I think this
is well above the level of "FUD".
I'll be honest, I think the "Only N holes" slogan is a dumb idea.
At best, it has the effect of fooling the users (or fan base) into
thinking it means more than it really does. At worst, it actively
encourages the developers to "cook the books" in an attempt to avoid
incrementing N.
And please don't pretend that a kernel overflow bug is ever
a minor issue that can be fixed with a silent (non-security) bugfix.
It's a huge deal, and sweeping it under the rug as a DoS until someone
can prove you incorrect is just wrong. This should have been
disclosed as a potential security issue instantly.