OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Same shit all over again

From: patric conant (mirage.computinggmail.com)
Date: Fri Aug 13 2010 - 13:23:28 CDT


This appears to be none of my business, not sure how it got to misc, besides
someone's deep enough interest to create a special gmail (in eu) account.

Now I don't develop software, nor know anything, but this reads like the
tree got locked because lots of testing was failing to occur, which sounds
like a reasonable response to discovering lackluster/incomplete testing, but
it's tone is much more like we're outing to the community some monster, I
don't think I'm getting that from it. More like whining from someone who
didn't get told exactly what they wanted to hear. I appreciate all the hard
work and socially unpleasant work that goes into protecting my OS, thanks
for all the effort.

On Fri, Aug 13, 2010 at 12:46 PM, disgrun tled-developers <
disgruntled.developersgooglemail.com> wrote:

> Just to keep the mortals in the loop,
>
> This date to day, on Tuesday the 13th of August 2002, Theo had another fit
> and kicked out all the OpenBSD developers for a couple of days or so:
>
> > Subject: Re: dealing with security issues when Theo is away
> > Date: Tue, 13 Aug 2002 10:25:08 -0600
> > From: Theo de Raadt <deraadtcvs.openbsd.org>
> >
> > None of this that you posted changes a single thing.
> >
> > I DID say who was responsible.
> >
> > Those people were not contacted.
> >
> > It seems you still don't understand the level of not caring that
> > happened.
> >
> > I am taking a holiday next week. For that time, I think cvs will be
> > turned off.
> >
> > Good god, reading even further, you are so fucking out of touch.
> > There are only 3 machines on at my house at the moment, and you start
> > talking about OTHER machines?
> >
> > NOONE PHONED ME.
>
> And:
>
> > Subject: And
> > Date: Wed, 14 Aug 2002 17:35:30 -0600
> > From: Theo de Raadt <deraadtcvs.openbsd.org>
> >
> > If I don't get answers from the evasive developers soon, I am going to
> > take this to misc, and I will be very open with naming names.
> >
> > This is now days of people trying to hide from what happened.
>
> ------ snip ---- snip ----
>
> So Theo shut down all machines in his basement and none of the developers
> had any access to the work they doing.
>
> I'd like to remind people that at this point we lost valuable developers
> like Niels Provos which turns out the be one of the few who fully
> understood
> crypto and the security improvements like separation of privileges. Not to
> forget Hugh, Aaron and a few others.... Others had their account re-enabled
> after groveling. And all that over a misunderstanding that is to blame to
> the fact that Theo had no written procedures on how to deal with 'issues'.
> When Theo is away, you just 'wing it'.
>
> Today, we see the same shit all over again... Theo just announced the
> following:
>
> ----- snip ---- snip ----
>
> > To: hackerscvs.openbsd.org
> > Subject: Tree locked
> > Date: Fri, 13 Aug 2010 10:03:05 -0600
> > From: Theo de Raadt <deraadtcvs.openbsd.org>
> >
> > I am locking all the trees until the development community decides
> > how future releases will be done.
> >
> > Yes, we all have to do our part. We write code, and some people go
> > further by building, and some people go even further by building
> > during the release cycle.
> >
> > But everyone also has to test, or we will ship crap. Yet on random
> > releases this process totally falls over, and we end up shipping crap.
> >
> > Three architectures did not have one of their boot methods checked --
> > yes, they are listed in the TESTS file! -- and the bugs were found
> > very very late in the process. Basically 1 week after the TEST file
> > went up.
> >
> > pkg_add turns out to have a major bug which would have been spotted if
> > just a few other people had tested another line item in the TESTS
> > file.
> >
> > That is ridiculous.
> >
> > I cannot accept all this pressure being on me; I want recognition that
> > all the people who thus far have accused me for not being clear are
> > wrong.
> > we have developers in the group who cannot by themselves recognize --
> > even ANTICIPATE -- that we are going into the same 6-month release
> > cycle, EVERY feb/march, and EVERY august/sept, and then participate to
> > identify the 10 last stupid bugs that we should fix. Is there that
> > little desire to ship a good release?
> >
> > It will not be fixed by sending more mails out. I did send out mails
> > and they were ignored. Communication coming from me is not the
> > problem; it is clear that developers are NOT LISTENING.
> >
> > The problem is not new developers either. Anyone accusing them has
> > got it all wrong. New developers are supposed to learn the ropes from
> > old developers, and it is the old developers who are not doing their
> > part. Yes, that means you.
> >
> > 31 people tested, meaning 140 people did not. Any suggestions for
> > people who have idled out and don't want to be involved any more?
> >
> > When we ship a crap release, it is not my fault. It is YOUR fault.
> >
> > So tell me how we are going to fix this. Don't reply just to me.
> >
> > As I said, I will not accept responsibility for what went wrong here.
> > And if anyone wants their account disabled, please accuse me just once
> > more.
>
> ----- snip ---- snip ----
>
> And he picks on a few individuals:
>
> ----- snip ---- snip ----
>
> > To: hackerscvs.openbsd.org
> > Subject: Testing
> > Date: Fri, 13 Aug 2010 09:39:12 -0600
> > From: Theo de Raadt <deraadtcvs.openbsd.org>
> >
> > I would like to see some tests for the upcoming release from Henning.
> >
> > I hope this communication is clear enough.
>
> ----- snip ---- snip ----
>
> > To: henningcvs.openbsd.org
> > cc: hackerscvs.openbsd.org
> > Subject: Apology
> > Date: Fri, 13 Aug 2010 09:44:45 -0600
> > From: Theo de Raadt <deraadtcvs.openbsd.org>
> >
> > I find myself unable to take back-talk from people discussing testing
> > and then accusing me of having not done my job asking for testing,
> > when they did not do their job. You did zero tests (everyone can
> > check ~jsing/TESTS) over the 3 week period, yet you feel you can
> > lecture me on why the testing procedure failed.
> >
> > I will enable your account when you find the time to apologize for
> > your statements.
> >
> > I hope this mail is clear enough.
>
> ----- snip ---- snip ----
>
> And now he comes up with this brilliant gem:
>
> ----- snip ---- snip ----
>
> > To: hackerscvs.openbsd.org
> > Subject: Testing idea
> > Date: Fri, 13 Aug 2010 10:16:01 -0600
> > From: Theo de Raadt <deraadtcvs.openbsd.org>
> >
> > How is this for a testing idea:
> >
> > - if you are part of the release build process (ie. building binaries
> > for the release), all is good
> >
> > - if you work hard on finding and fixing a bug found during the
> > release / testing process, all is good.
> >
> > - if your name is in the TESTS file, all is good
> >
> > - if you send me a mail describing circumstances that led you to not
> > be able to test, all is good
> >
> > Otherwise, on the day the CDRs go to the plant your account will be
> disabled
> > 'due to inactivitity'.
> >
> > Is that where we should go?
>
> ----- snip ---- snip ----
>
> Yes Theo, let's just go that road and you'll find yourself again in a same
> spot as 8 years ago: wondering why everybody started bailing out on you.
>
> Not all of us accept not that you are doing the right thing, so we'll find
> another sand box to play in.
>
> Enough of the bullshit... when is this project grow up and be run by a team
> that is accountable (voted for?) and not a guy sitting in his livingroom in
> his underwear ranting on ICB?
>
> H.
>
>

--
 /"\ ASCII Ribbon Campaign
 \ / Respect for low technology.
 X Keep e-mail messages readable by any computer system.
 / \ Keep it ASCII.