|From:||Theo de Raadt <deraadt-AT-cvs.openbsd.org>|
|To:||Kurt Seifried <kurt-AT-seifried.org>|
|Subject:||Re: new OpenSSL flaws|
|Date:||Thu, 05 Jun 2014 22:33:58 -0600|
|Cc:||"Martin, Matthew" <phy1729-AT-utdallas.edu>, "grazzolini-AT-gmail.com" <grazzolini-AT-gmail.com>, "misc-AT-openbsd.org" <misc-AT-openbsd.org>, "tech-AT-openbsd.org" <tech-AT-openbsd.org>, Solar Designer <solar-AT-openwall.com>|
> I suggest you talk to Mark Cox who actually handled this stuff. I'm not > sure why you are asking two people (myself and Solar) who are NOT part of > the OpenSSL team about whom the OpenSSL team notified. Kurt, if Mark Cox is the person who handled this stuff, fine. Who cares? I am hearing claims all over the place regarding a list RUN BY YOU. FACT: Kurt Seifried and Solar Designer are the two primary operators of the openwall security list, the declared access point for security issues affecting Linux operating systems. There are claims being lodged that disclosure of these OpenSSL problems happened on that list. There are claims that we did not get this disclosure because OpenBSD is not on that list. Particularily me, Bob, and Todd Miller. Kurd, is that true? Is that how you see it? Were disclosures handled there, or via another platform or method? ANSWER THE QUESTION. If you won't answer this question, noone should ever trust you again for anything. > I'm done playing games with you Theo. You were invited to join distros > publicly and flamed me. I privately emailed Bob Beck inviting him to join, > and he flamed me (but then apologized), You both said no. I can't do > anything more. I wish you the best of luck in your future endeavors. I am not playing any games. Let's look at the facts. Kurd Seifried is an official Red Hat security officer (of sorts, but probably not tomorrow) Kurt, is Mark Cox your supervisor? A claim is being made that disclosure to OpenBSD needs to be on a Russian email list run by you (Kurt Seifried) and Solar Designer (not going to include his real name) for access to early disclosure of important security information. SO ANSWER THE FUCKING QUESTION, KURT. Or else, if you are a wimp, have your Mark Cox answer the fucking question. Red Hat and OpenSSL -- answer the fucking question. Why was the OpenBSD user community excluded from this information? Why are there public accusation -- from Red Hat officers -- that OpenBSD developers only get advance access to information if they join a Russian located email list? ps. Who is Mark Cox? I've never heard of him.
Copyright © 2014, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds