Solution: pay the testers and programmers.
On 3/28/21 2:47 PM, D. Hugh Redelmeier via talk wrote:
<https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/>
Summary: a WireGuard port to FreeBSD was sponsored by Northgate (pfSense
company). The port was of poor quality and dangerously so. Nobody caught
it until after pfSense was released with it, and just before FreeBSD
released it. The messenger was tortured, but not shot.
Bonus: the guy who ported the code was a felon / bad landlord.
Lesson: open source software does not get enough quality control.
Especially code that might affect security. Some Linux distros attempt QC
(e.g. RedHat) but I'm sure it is inadequate.
---
Post to this mailing list [email protected]
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
---
Post to this mailing list [email protected]
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
