Ethereal-dev: [Ethereal-dev] Harsh criticism from the OpenBSD folks

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Sun, 22 Aug 2004 21:48:34 -0500
From

http://www.openbsd.org/cgi-bin/cvsweb/ports/net/ethereal/Attic/Makefile?hideattic=0

"Remove ethereal from the ports tree.  Right during 3.5, it had more
 than a dozen remote holes being fixed, that we shipped with.  Weeks
 later things have not improved, and there continue to be problems
 reported to bugtraq, and respective band-aids - but it is clear the
 ethereal team does not care about security, as new protocols get added,
 and nothing gets done about the many more holes that exist.

 Maybe someone will at least privilege separate this one day, and then
 the OpenBSD stance with respect to this may change.

 Encouraging people to run broken software by distributing packages
 with known security holes is not desired by any of us."