> You may have misunderstood me as well. I'm saying Dell should have been > providing source all along. In fact, I reported them to the busybox > maintainers a couple of years ago, so that may be why you're finally > seeing source now.
Ah ok, my apologies. Yes I agree that they should have been providing source all along. I believe the FSF has had enough complaints that they became involved within the last few months, which is why we're now seeing code being released. > What matters more is if we find vulnerabilities. And, since I've been > able to get a root shell on a DRAC in the past without access to the > source, I'm fairly confident they're there. I agree. I would feel much more comfortable running firmware that had been community reviewed, as open source projects are. It may be that Dell have excellent programmers who write fantastic code, but unless it's all public I can't trust it. Given that some of the code has (legally) been withheld, this does make me suspicious, and all the more eager to spin my own firmware. > Dell's firmware and supporting code are *not* securely written. A word > of advice: don't install the virtual media and remote console plugins in > a browser you use for other things. Well there's no problems there, the only time I tried to use virtual media it complained that the file was too big. Item #121 on the new DRAC firmware - virtual media over NFS... That'll have to come once the remote console is fixed though :-) Cheers, Adam. _______________________________________________ Linux-PowerEdge mailing list [email protected] https://lists.us.dell.com/mailman/listinfo/linux-poweredge Please read the FAQ at http://lists.us.dell.com/faq
