Re: Same shit all over again

From: Kevin Chadwick (ma1l1istsyahoo.co.uk)
Date: Fri Aug 13 2010 - 14:07:49 CDT


I had to think a while before daring to reply to this as I'm obviously
out of my depth and don't know the background or real issues or if
what I have to say is remotely relevant, I apologise if I'm out of
order.

It seems that OpenBSD has set its goals and is the best at it. It
doesn't really need to compete with other OS. I imagine this takes
overseers like Theo who understand so much of the OS to point things
out, as I have seen from the src list. If development accelerates then
those overseers are going to have more work and pressure, and so making
their/his job as easy as possible is paramount if we want any
acceleration in development. I don't want to see large company
syndrome, where the head doesn't know what the feet are kicking.

If others think they can do his job then they are the best people to
make his job and life easier resulting in faster yet still manageable
development. If you develop hardware brilliantly you may not have to
test test test as suggested to us by other companies, but you always
have to test.

On Fri, 13 Aug 2010 13:23:28 -0500
patric conant <mirage.computinggmail.com> wrote:

> This appears to be none of my business, not sure how it got to misc, besides
> someone's deep enough interest to create a special gmail (in eu) account.
>
> Now I don't develop software, nor know anything, but this reads like the
> tree got locked because lots of testing was failing to occur, which sounds
> like a reasonable response to discovering lackluster/incomplete testing, but
> its tone is much more like we're outing to the community some monster, I
> don't think I'm getting that from it. More like whining from someone who
> didn't get told exactly what they wanted to hear. I appreciate all the hard
> work and socially unpleasant work that goes into protecting my OS, thanks
> for all the effort.
>
> On Fri, Aug 13, 2010 at 12:46 PM, disgrun tled-developers <
> disgruntled.developersgooglemail.com> wrote:
>
> > Just to keep the mortals in the loop,
> >
> > This date to day, on Tuesday the 13th of August 2002, Theo had another fit
> > and kicked out all the OpenBSD developers for a couple of days or so:
> >
> > > Subject: Re: dealing with security issues when Theo is away
> > > Date: Tue, 13 Aug 2002 10:25:08 -0600
> > > From: Theo de Raadt <deraadtcvs.openbsd.org>
> > >
> > > None of this that you posted changes a single thing.
> > >
> > > I DID say who was responsible.
> > >
> > > Those people were not contacted.
> > >
> > > It seems you still don't understand the level of not caring that
> > > happened.
> > >
> > > I am taking a holiday next week. For that time, I think cvs will be
> > > turned off.
> > >
> > > Good god, reading even further, you are so fucking out of touch.
> > > There are only 3 machines on at my house at the moment, and you start
> > > talking about OTHER machines?
> > >
> > > NOONE PHONED ME.
> >
> > And:
> >
> > > Subject: And
> > > Date: Wed, 14 Aug 2002 17:35:30 -0600
> > > From: Theo de Raadt <deraadtcvs.openbsd.org>
> > >
> > > If I don't get answers from the evasive developers soon, I am going to
> > > take this to misc, and I will be very open with naming names.
> > >
> > > This is now days of people trying to hide from what happened.
> >
> > ------ snip ---- snip ----
> >
> > So Theo shut down all machines in his basement and none of the developers
> > had any access to the work they were doing.
> >
> > I'd like to remind people that at this point we lost valuable developers
> > like Niels Provos which turns out to be one of the few who fully understood
> > crypto and the security improvements like separation of privileges. Not to
> > forget Hugh, Aaron and a few others.... Others had their account re-enabled
> > after groveling. And all that over a misunderstanding that is to blame to
> > the fact that Theo had no written procedures on how to deal with 'issues'.
> > When Theo is away, you just 'wing it'.
> >
> > Today, we see the same shit all over again... Theo just announced the
> > following:
> >
> > ----- snip ---- snip ----
> >
> > > To: hackerscvs.openbsd.org
> > > Subject: Tree locked
> > > Date: Fri, 13 Aug 2010 10:03:05 -0600
> > > From: Theo de Raadt <deraadtcvs.openbsd.org>
> > >
> > > I am locking all the trees until the development community decides
> > > how future releases will be done.
> > >
> > > Yes, we all have to do our part. We write code, and some people go
> > > further by building, and some people go even further by building
> > > during the release cycle.
> > >
> > > But everyone also has to test, or we will ship crap. Yet on random
> > > releases this process totally falls over, and we end up shipping crap.
> > >
> > > Three architectures did not have one of their boot methods checked --
> > > yes, they are listed in the TESTS file! -- and the bugs were found
> > > very very late in the process. Basically 1 week after the TEST file
> > > went up.
> > >
> > > pkg_add turns out to have a major bug which would have been spotted if
> > > just a few other people had tested another line item in the TESTS
> > > file.
> > >
> > > That is ridiculous.
> > >
> > > I cannot accept all this pressure being on me; I want recognition that
> > > all the people who thus far have accused me for not being clear are
> > > wrong.
> > > we have developers in the group who cannot by themselves recognize --
> > > even ANTICIPATE -- that we are going into the same 6-month release
> > > cycle, EVERY feb/march, and EVERY august/sept, and then participate to
> > > identify the 10 last stupid bugs that we should fix. Is there that
> > > little desire to ship a good release?
> > >
> > > It will not be fixed by sending more mails out. I did send out mails
> > > and they were ignored. Communication coming from me is not the
> > > problem; it is clear that developers are NOT LISTENING.
> > >
> > > The problem is not new developers either. Anyone accusing them has
> > > got it all wrong. New developers are supposed to learn the ropes from
> > > old developers, and it is the old developers who are not doing their
> > > part. Yes, that means you.
> > >
> > > 31 people tested, meaning 140 people did not. Any suggestions for
> > > people who have idled out and don't want to be involved any more?
> > >
> > > When we ship a crap release, it is not my fault. It is YOUR fault.
> > >
> > > So tell me how we are going to fix this. Don't reply just to me.
> > >
> > > As I said, I will not accept responsibility for what went wrong here.
> > > And if anyone wants their account disabled, please accuse me just once
> > > more.
> >
> > ----- snip ---- snip ----
> >
> > And he picks on a few individuals:
> >
> > ----- snip ---- snip ----
> >
> > > To: hackerscvs.openbsd.org
> > > Subject: Testing
> > > Date: Fri, 13 Aug 2010 09:39:12 -0600
> > > From: Theo de Raadt <deraadtcvs.openbsd.org>
> > >
> > > I would like to see some tests for the upcoming release from Henning.
> > >
> > > I hope this communication is clear enough.
> >
> > ----- snip ---- snip ----
> >
> > > To: henningcvs.openbsd.org
> > > cc: hackerscvs.openbsd.org
> > > Subject: Apology
> > > Date: Fri, 13 Aug 2010 09:44:45 -0600
> > > From: Theo de Raadt <deraadtcvs.openbsd.org>
> > >
> > > I find myself unable to take back-talk from people discussing testing
> > > and then accusing me of having not done my job asking for testing,
> > > when they did not do their job. You did zero tests (everyone can
> > > check ~jsing/TESTS) over the 3 week period, yet you feel you can
> > > lecture me on why the testing procedure failed.
> > >
> > > I will enable your account when you find the time to apologize for
> > > your statements.
> > >
> > > I hope this mail is clear enough.
> >
> > ----- snip ---- snip ----
> >
> > And now he comes up with this brilliant gem:
> >
> > ----- snip ---- snip ----
> >
> > > To: hackerscvs.openbsd.org
> > > Subject: Testing idea
> > > Date: Fri, 13 Aug 2010 10:16:01 -0600
> > > From: Theo de Raadt <deraadtcvs.openbsd.org>
> > >
> > > How is this for a testing idea:
> > >
> > > - if you are part of the release build process (ie. building binaries
> > > for the release), all is good
> > >
> > > - if you work hard on finding and fixing a bug found during the
> > > release / testing process, all is good.
> > >
> > > - if your name is in the TESTS file, all is good
> > >
> > > - if you send me a mail describing circumstances that led you to not
> > > be able to test, all is good
> > >
> > > Otherwise, on the day the CDRs go to the plant your account will be
> > > disabled 'due to inactivity'.
> > >
> > > Is that where we should go?
> >
> > ----- snip ---- snip ----
> >
> > Yes Theo, let's just go that road and you'll find yourself again in the same
> > spot as 8 years ago: wondering why everybody started bailing out on you.
> >
> > Not all of us accept that you are doing the right thing, so we'll find
> > another sand box to play in.
> >
> > Enough of the bullshit... when is this project going to grow up and be run by a team
> > that is accountable (voted for?) and not a guy sitting in his living room in
> > his underwear ranting on ICB?
> >
> > H.
> >
> >
>
>
> --
> /"\ ASCII Ribbon Campaign
> \ / Respect for low technology.
> X Keep e-mail messages readable by any computer system.
> / \ Keep it ASCII.