As I can see, many fixes came out because of Ilja van Sprundel:
Thanks to Ilja for pointing out the problems and to the OpenBSD team for fixing them
so fast! :)
> Sent: Saturday, July 29, 2017 at 4:50 AM
> From: "Theo de Raadt" <dera...@openbsd.org>
> To: "Ilya Abimael" <ilyaabimae...@mail.com>
> Subject: Re: A survey of BSD kernel vulnerabilities (DEF CON) [pdf]
> > The maintainers of various BSDs should talk more among each other
> Hey Ilya,
> That happens very rarely.
> In particular, they view us as competition. We aren't competition;
> this is a research OS.
> Most of their developers work in corporate environments, pretty
> tightly tied to things that happen in California.
> For the millions that FreeBSD collected over the years, not one penny
> has been contributed towards OpenSSH or any of our other efforts.
> We've taken almost no code from them. Maybe a driver here or there.
> They've taken gobs of code from us, which does make us happy.
> But over the years some of their developers have played sockpuppet
> games denouncing us.
> The attacks against our efforts of trying to audit the whole tree,
> build mitigations, etc, got really bad about 10 years ago.
> I decided years ago that anything important, I won't share with them
> by talking to them. That's my choice. I told other people of my
> choice. Other people act the same way, I suppose.
> However, all our fixes are committed in a public repo. You may have
> heard, but we were the first codebase with a public repo -- ie.
> anoncvs. Before that, everyone was even more private, only releasing
> final tarballs with "changelogs".
> However the reasons for changes sometimes don't show up in commitlogs.
> When our developers skip explaining the reasons, I give them heck.
> I dislike commit messages which don't explain the reason.
> I think you oversimplify the situation. There are fewer people than
> you might assume. OpenBSD is about 80 people at a time, but 40 of them
> work in the ports tree. Then about 10 people working in drivers, and
> the remaining 30 have a mix of kernel and userland experience, though
> it tends towards userland.
> In FreeBSD the total numbers are about 2x as much, but their low-level
> grouping is even smaller than ours.
> Surely you realize how large these codebases are. People get spread
> out all over the place.
> 7-day moving average of OpenBSD commits at
> http://www.oxide.org/cvs/OpenBSD.html appears to be about 50/day.
> Where would people find the time to talk about anything?
> 190,000 commits of divergence in the base trees. Finding common ground
> is harder than you think.
> After more than 20 years, there is no such thing as BSD. Deep inside, the
> differences are greater than the commonalities.