Rather than speculating, perhaps we should talk to the OpenBSD people
about what their concerns are. I am a bit dismayed that they chose to
pull Ethereal out of their distribution without making any effort to
voice their concerns to us.
Devin
On Tue, 2004-08-24 at 09:39, Giles Scott wrote:
> Is it worth someone proactively changing all calls to 'sprintf' to
> 'g_snprintf'?
> This might make them a little happier?
>
> I'd do it; but I don't have SVN write access, so someone would end up
> having to merge all the patches anyway :-(
>
> Cheers
>
> Giles
>
>
> -----Original Message-----
> From: ethereal-dev-bounces@xxxxxxxxxxxx
> [mailto:ethereal-dev-bounces@xxxxxxxxxxxx] On Behalf Of Gerald Combs
> Sent: Sunday, August 22, 2004 7:49 PM
> To: 'Ethereal-Dev'
> Subject: [Ethereal-dev] Harsh criticism from the OpenBSD folks
>
> From
>
> http://www.openbsd.org/cgi-bin/cvsweb/ports/net/ethereal/Attic/Makefile?hideattic=0
>
> "Remove ethereal from the ports tree. Right during 3.5, it had more
> than a dozen remote holes being fixed, that we shipped with. Weeks
> later things have not improved, and there continue to be problems
> reported to bugtraq, and respective band-aids - but it is clear the
> ethereal team does not care about security, as new protocols get added,
> and nothing gets done about the many more holes that exist.
>
> Maybe someone will at least privilege separate this one day, and then
> the OpenBSD stance with respect to this may change.
>
> Encouraging people to run broken software by distributing packages
> with known security holes is not desired by any of us."
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
--
Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc.
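
The `sprintf` to `g_snprintf` change suggested in the quoted message, sketched as an added example that is not part of the thread or of Ethereal's code. It uses C99 `snprintf` so it builds without GLib (`g_snprintf` follows the same return-value convention); `append_field`, `INFO_LEN` and the sample values are hypothetical. It shows that the bounded call still needs its return value checked to detect truncation and keep the write offset inside the buffer.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define INFO_LEN 32 /* hypothetical size of a fixed display buffer */

/* Before: sprintf(buf + off, "%s=%s ", label, value);
 * writes past buf[] as soon as the packet-supplied value is too long. */

/* Append "label=value " to buf with bounded formatting.
 * value comes from the packet: not NUL-terminated, length chosen by the sender.
 * Returns 1 if everything fit, 0 if the output was truncated, -1 on error. */
int append_field(char *buf, size_t size, size_t *off, const char *label,
                 const unsigned char *value, size_t value_len)
{
    if (size == 0 || size > INT_MAX || *off >= size)
        return -1;
    /* Clamp the precision so the cast to int cannot overflow. */
    int prec = value_len > size ? (int)size : (int)value_len;
    int n = snprintf(buf + *off, size - *off, "%s=%.*s ",
                     label, prec, (const char *)value);
    if (n < 0)
        return -1;
    if ((size_t)n >= size - *off) { /* C99: n is the length it wanted */
        *off = size - 1;            /* buffer is full, still NUL-terminated */
        return 0;
    }
    *off += (size_t)n;
    return 1;
}

int main(void)
{
    char info[INFO_LEN];
    unsigned char longname[100]; /* constructed oversized field */
    size_t off = 0;

    memset(longname, 'A', sizeof longname);
    info[0] = '\0';
    append_field(info, sizeof info, &off, "user",
                 (const unsigned char *)"alice", 5);
    if (append_field(info, sizeof info, &off, "host",
                     longname, sizeof longname) == 0)
        puts("host field truncated");
    puts(info);
    return 0;
}
```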