Classic Theo?
Jan. 20th, 2006 06:28 pm

There were two different issues, each affecting different implementations. As usual, I carefully read through the advisories trying to understand what sort of impact the vulnerabilities had, how disclosure had been done, and that sort of thing. Once I got to the "Fix" section of the advisory, something caught my eye immediately.
No fix will be released for OpenBSD. To quote Theo de Raadt: "Sorry, we are going to change nothing. Securelevels are useless." I wouldn't have believed it to be an authentic vendor response had any other name been attached to the quote.
I'm very surprised to discover that Miller feels that way because, to me, the quote seemed like vintage de Raadt, with its refusal to compromise and its suggestion that he's way too busy with real work to bother about polishing his words into marketing speak. In fact, now that I think about it, I was rather bemused by the way the article insisted on referring to OpenBSD as a vendor — they're more of a gestalt entity like Debian than a corporate vendor like Red Hat.