Language Selection

English French German Italian Portuguese Spanish

Software flaws don't negate "many eyes" in open source

Filed under

The allegations from Greg Perry regarding backdoors allegedly placed within OpenBSD about a decade ago seem to be shifting more and more into the realm of fantasy as each day goes by.

To date, Perry has not responded to my inquiry regarding his Dec. 11 e-mail to OpenBSD founder Theo de Raadt, nor to my knowledge has he responded publicly anywhere else. Meanwhile, the two (or three, depending on how you count it) people named in Perry's message to de Raadt as parties to this supposed backdoor activity, Scott Lowe and Jason Wright, have denied their involvement--the latter within the same [openbsd-tech] thread that started all this.

Since no one has heard any more from Perry, I will decline to speculate why he made these accusations, except to note that sometimes silence can speak volumes, and this may indeed be one of those instances.

While the accusations fly, de Raadt has indicated at least to one media outlet that an audit of this part of the OpenBSD code has found some bugs.

"We've been auditing since the mail came in! We have already found two bugs in our cryptographic code. We are assessing the impact. We are also assessing the 'archeological' [sic] aspects of this," de Raadt told iTWire.

It is not clear whether these bugs would allow the insertion of a backdoor or sideways entry-point into an OpenBSD system, nor if, based on de Raadt's statements to iTWire's Sam Varghese, these are the only bugs in this part of OpenBSD.

My colleague Glyn Moody tapped on any possible existence of such bugs in OpenBSD--planted or not--as a fundamental problem with one of the core tenets of free and open source software (FLOSS) development:

rest here

More in Tux Machines

A History Of Everyday Linux User's 350 Blog Posts

This article is something of a landmark as it is the 350th post on Everyday Linux User. I took last week off to celebrate. Well actually I went away with the family down to England for a few days and didn't take a computer with me. I did take in Alnwick Castle however which is the location for Hogwarts from the Harry Potter films. Read more

Kodi 17 "Krypton" Beta 4 Released with ARMv8A 64-bit Builds for Android, Fixes

Today, October 25, 2016, Martijn Kaijser had the great pleasure of announcing the release and immediate availability of the fourth, and probably the last Beta milestone of the upcoming Kodi 17 open-source and cross-platform media center software. Read more

GNOME's Epiphany 3.24 Web Browser to Use Firefox Sync Service, HTTPS Everywhere

The GNOME developers are preparing to release the first development version of the upcoming GNOME 3.24 desktop environment, versioned 3.23.1, and we can't help but notice that some of the core apps were updated recently. Read more

Suse: Question. What do you call second-place in ARM enterprise server linux? Answer: Red Hat

ARM TechCon Suse is claiming victory over Red Hat by announcing – and these caveats are all crucial – "the first commercial enterprise Linux distribution optimized for ARM AArch64 architecture servers." In plainer English, Suse has developed an enterprise-grade Linux distribution that runs on 64-bit ARM servers (should you happen to ever find one). Suse claims this software is a world first because it is a finished commercial product, thus beating Red Hat to the punch: Red Hat Enterprise Linux Server for ARM is still only available as a beta-like development preview. Read more