Theo, this thread is DEAD. Drop it. No one believes in "backdoors" planted into OpenBSD.
I se commits - you dig all over the place. If "backdoor" existed, then it is gone cause of this digging. Without proof its just a plain BS. P.S. I lost my interest for a while ago now. On Dec 17, 2010, at 7:23 PM, Theo de Raadt wrote: >> On Fri, Dec 17, 2010 at 7:59 AM, Theo de Raadt <dera...@cvs.openbsd.org> wr= >> ote: >> >> [skipped] >> >>>> I have to say that Perry here is credited with one thing he actually di= >> d not >>>> do -- publish this to the world. There has been talk of alterior motive= >> s here, >>>> but for any of these motives, Perry had to know or pretty damn well gue= >> ssed >>>> that =C2=A0the second thing Theo (hi, Theo) would do to his email was t= >> o publish it. >>>> Would you plan anything based on a predicted behavior of a person you >>>> haven't communicated with in 10 years? >>>> >>>> This is not to point finger at Theo for creating all this commotion, of= >> course; >>>> this commotion can, however, be, an unintended accident, but the fact t= >> hat >>>> it came from Theo gave it a lot of credibility. >>> >>> Whoa, wait a second here. =C2=A0If you think I gave it credibility, you >>> need to go back and read my words again. =C2=A0I called it an allegation, >>> and I stick with that. =C2=A0I was extremely careful with my words, and y= >> ou >>> are wrong to interpret them as you do. >> >> Look, if somebody like me posted something like this here, it would be just >> plain dismissed. > > If that is the case -- that people would dismiss it automatically -- > then the community is really stupid. You are almost arguing that that > is the way it should be. > > Allegation of not, code should always be checked, and re-checked, and > re-checked. > > What I am seeing is that we have a ridiculously upside-down trust > model -- "Trust the developers". > > We never asked for people to trust us. We might have "earned some" in > some people's eyes, but if so it has always been false, even before > this. People should trust what they test, but the world has become > incredibly lazy. > > We build this stuff by trusting each other as friends, and that is > done on an international level. If anything, the layers and volume of > trust involved in software development should decrease trust. Oh > right, let's hear some of that "many eyes" crap again. My favorite > part of the "many eyes" argument is how few bugs were found by the two > eyes of Eric (the originator of the statement). All the many eyes are > apparently attached to a lot of hands that type lots of words about > many eyes, and never actually audit code. > > If anything, the collaborative model we use should _decrease_ trust, > except, well, unless you compare it to the other model -- corporate > software -- where they don't even start from any position of trust. > There you are trusting the money, here you are trusting people I've > never met. > >> If Perry posted his email here, he'd just be under fire to >> show some or any proof. > > OK, so I post it, and then noone asks him for proof, now it suddenly > has more strength? I am so bloody dissapointed in the community that > uses our stuff. > >> The reason this was so widely picked up >> and generated so much flame and buzz, is because you posted it here. > > How dismal. > >> It's an unfortunate consequence of a right action, really. I'm not even >> remotely saying that you intended to give it weight, or that you >> should've swept it under the rug. > > What a dismal world view.