The lesson of the article seems not to be that the convicted felon wrote bad code (although he did), but that open source code being safe because it is reviewed by the community is a myth.
-----Original Message----- From: Blueonyx <blueonyx-boun...@mail.blueonyx.it> On Behalf Of Michael Stauber Sent: Saturday, March 27, 2021 11:43 PM To: BlueOnyx General Mailing List <blueonyx@mail.blueonyx.it> Subject: [BlueOnyx:24868] FreeBSD 13 and pfSense drama (Off-Topic) Hi all, This is not BlueOnyx related at all, but if you want a giggle at the expense of others, say no more: https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-a nd-bad-code-freebsd-13s-close-call/ TL;DR: Netgate paid a convicted felon to port WireGuard into the FreeBSD kernel to make it easier for them to use pfSense on FreeBSD for their stuff. That guy eventually delivered and the code submission was merged into the code tree for the upcoming release of FreeBSD 13. Until the FreeBSD core maintainers found out what an unmitigated and exploitable disaster that code was. "Bad" just doesn't cut it. It was a hell of a lot worse. So in a two week bender they rewrote it from scratch on their own. Which gave Netgate the fits and put them into a rage-fit of accusations and easily refutable denials. The reason for that unwise move was: They already had merged the shitty pre-beta FreeBSD-code into pfSense 2.5.0 (released a month before FreeBSD 13 was to come out) and FreeBSD's fixes now clearly showed what an exploitable buggy mess pfSense 2.5.0 actually had become. End result: FreeBSD and Netgate no longer seem to be "friends" and WireGuard has been stripped from the upcoming FreeBSD 13 release entirely. That went well. /facepalm I actually liked pfSense a little. Now I'm wondering what other "surprises" they have under the hood. :-/ -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx