atheros chips dangerous?

"José M. Fandiño" jm.fandino at fadesa.es
Fri Aug 11 08:46:51 UTC 2006


Poul-Henning Kamp wrote:
> In message <20060810130331.X94142 at 3jane.math.ualberta.ca>, Barkley Vowk writes:
> 
>>On Thu, 10 Aug 2006, Poul-Henning Kamp wrote:
>>
>>>The Atheros driver in FreeBSD is maintained and compiled by Sam Leffler,
>>>who has been around since BSD 4.2 in the early eighties sometimes.
>>>
>>>I trust Sam.
>>
>>I don't think that quite answers his question however. Its not so much a 
>>matter of trusting Sam, but a matter of trusting that Sam had enough 
>>access to the binary objects in question to have eliminated the errors in 
>>them.
> 
> Sam compiled those binaries, he has the source code.
> 
> And it is a matter of trust.

from the phk's comments I deduce that it was a NDA between Atheros
and FreeBSD.

In my opinion the difference is that with NDA you place trust in
a few persons (the ones with the code), whilst with open source
drivers the code can be reviewed by all people with enough
knowledge about the subject and since peer review is an important
concept in FOSS quality (and security) it would be desirable
to have free code.

this answers to my question, thanks you.







More information about the freebsd-security mailing list