
> It's interesting that the bug was fixed without an advisory (oh to be a fly on the wall on ICB that day; Theo had a, um, a, "way" with his dev team).

This would be my question. That seemingly small change has large security implications since it means that branch was disabled on certain erroneous conditions for some extended period of time and then silently changed back. I think you're right that Jason fixed it, but why wasn't it announced as a major security flaw in OpenBSD 3.0 which I believe released with this code?

Another spin on this drama could be either of these two:

1. Jason actually went in and fixed bugs placed by other NETSEC employees, and now is the victim of reprisals.

2. NETSEC was incompetent, not malicious, and then silently went around fixing things without telling anyone.

Interesting stuff, can't wait to see the rewrite of this file! :-)




Angelos was never a NETSEC employee; his work on the OpenBSD IPSEC code was at one point funded by NETSEC, but if you're familiar with how OS kernel "volunteer" development works, that's not a weird situation at all --- there were, if I remember my semi-sober conversations with him at the Ship & Anchor correctly --- plenty of times Theo found himself in similar relationships.

It's unlikely that NETSEC would have had any management influence over Angelos during that work.



