On Wed, Oct 9, 2013 at 9:20 AM, Thinker Rix <[email protected]> wrote:
> Dear pfsense-team,
>
> today I posted the following on your blog at http://blog.pfsense.org/?p=712
>
> ################################################
>
> “Worried User Says: Your comment is awaiting moderation.
>
> October 9th, 2013 at 7:55 am
>
> Hi guys,
>
> I want to ask if you have been approached by any US government officials,
> such as NSA, FBI, etc. and been asked/ forced to include any backdoors,
> spyware, loggers, etc. into pfsense and if you did so.
>
> Thank you
>
> Worried User”
>
> ################################################
>
> Some minutes later I could see that my entry was not released to the public
> - but deleted by the moderator, without any further comment.
>
Not true, the comment was moderator approved. The only reason we have moderation at all is because spam significantly outnumbers legit comments and we don't want any spam on any of our sites; there isn't some vast conspiracy going on.

No, we have not been approached by anyone to backdoor or otherwise compromise security of the project, at any point during our 9 year history.

I have indeed met with the NSA in person related to the product of one of our rebrand customers a couple years back; one of their groups was interested in evaluating the product. It survived their security analysis quite well (at least from what they declassified and released), and better than most things that come into their lab from what I understand. At no point did any discussion happen related to back doors or other means of compromising security for them. I wasn't under NDA nor do I have a security clearance.

It is effectively a moot question to ask, given if we were, there's no way we could disclose that. Evidence suggests a number of huge tech companies have complied. There hasn't been any evidence to date that any open source projects were approached. A number of widely-respected security people have come out and said that open source solutions are better in the aftermath of the recent revelations. One example:

"My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software."
-Bruce Schneier
https://www.schneier.com/blog/archives/2013/09/how_to_remain_s.html

On crypto-related components, we rely on what's in stock FreeBSD. There are no indications it has been weakened or compromised.
