All "GNU" software potentially Trojaned
Benjamin Krueger
benjamin at seattlefenix.net
Mon Aug 18 15:23:45 PDT 2003
* Brett Glass (brett at lariat.org) [030814 11:38]:
> At 01:43 AM 8/14/2003, Kris Kennaway wrote:
>
> >On Wed, Aug 13, 2003 at 11:25:04PM -0600, Brett Glass wrote:
> >> CERT Advisory CA-2003-21 GNU Project FTP Server Compromise
> >
> >This never would have happened if they had used the BSDL!
>
> Not true, of course. But on the other hand, the fact that FreeBSD
> uses their code means that it may have integrated Trojaned source.
> Another reason to avoid using code from a group that's not only
> unethical and malicious but also careless about security.
>
> Kris, as a member of FreeBSD's security team I hope you're checking
> to make sure that Trojaned code was not included. (The most effective
> way would, of course, be to remove the GNU code from FreeBSD, but while
> I'd like to see that done it's probably too much to hope for.)
>
> --Brett Glass
Now Brett, just because you have a bug up your butt about the GPL doesn't
mean you get the right to libel the folks who take care of it.
--
Benjamin Krueger
More information about the freebsd-chat
mailing list