Subject: Re: Why is open source bad for security ?
To: None <>
From: Jeremy C. Reed <>
List: tech-security
Date: 10/14/2002 21:53:39
On Tue, 15 Oct 2002, Darren Reed wrote:

> feel like I've been seriously let down here and so have NetBSD's
> users.  If it were up to me, I'd hang them all upside down, somewhere

What NetBSD users have been let down?

What do you mean by being let down?

Are you saying some major issue is currently effecting NetBSD users, but
not properly fixed or announced?

Can you explain the security issue so I can understand how I/we have been
let down?

   Jeremy C. Reed

p.s. This has made me think about open source vendors and security that
have personally affected me and my servers ... Sometimes Debian is fast,
but often updates, in fact, were not needed or have to be repeated
multiple times, because a fix wasn't done correctly the first time. Often,
Red Hat's fixes have required numerous other un-needed upgrades because
the fixes were made against newer libraries, for example. Commercial
BSD/OS has had many problems (such as breaking other functionality) the
past few years providing its proprietary for "open source" software.
OpenBSD (and NetBSD) usually provide(s) quick fixes in forms of source
code patches, then you have to spend much time updating the new binaries
on many systems.