FreeBSD: security

From: Graham Perrin <grahamperrin_at_gmail.com>
Date: Tue, 15 Mar 2022 04:18:29 UTC

Please see <https://www.freebsd.org/security/>.

In context, from <https://www.freebsd.org/about/>:

"FreeBSD … focuses on features, speed, and stability. …"


On 14/03/2022 20:10, iio7@tutanota.com wrote:
> I have just finished reading through tons of security bug reports in
> the FreeBSD bug report archive,

If you mean reports that are visible to the public, please link to one 
that concerns you.

Security bug reports 
<https://bugs.freebsd.org/bugzilla/describecomponents.cgi?product=Security> 
are not visible to the public.


> also normal bugs,

Not to be confused with security issues.


> and I am "scared" about the lack of attention these issues get.
>
> It's like no one "cares", or the few that do are simply overburdened.
>
> This proposal from 2018, with the problems it lists, still seems very 
> valid:
>
> https://web.archive.org/web/20210401214138/https://lists.freebsd.org/pipermail/freebsd-arch/2018-March/018892.html

Without the Wayback Machine:

<https://lists.freebsd.org/pipermail/freebsd-arch/2018-March/018892.html>

Overview:

<https://markmail.org/message/mwcawe7jewed2mop>


> Are any of you - who run FreeBSD in production (please home labs,
> desktop/laptop use, don't reply) - not worried about the current state
> of affairs?

I'll not respond to that point.

> Am I missing something?


Readers may note the security aspects of things such as these:

<https://lists.freebsd.org/archives/freebsd-security/2022-February/000015.html>

<https://cgit.freebsd.org/src/log/?h=stable%2F13&qt=grep&q=openssh>

<https://www.freebsd.org/status/report-2021-10-2021-12/>

<https://cgit.freebsd.org/src/log/?qt=grep&q=-Wfortify-source>
<https://freebsd.markmail.org/thread/focplj4af4ttjzoe>
<https://www.netbsd.org/gallery/presentations/khorben/asiabsdcon2017/Hardening%20pkgsrc.html>

Hope that helps,

Graham