Buffer overruns, license violations, and bad code: FreeBSD 13’s close call
40,000 lines of flawed code almost made it into FreeBSD's kernel—we examine how.
This is a pretty good - and scary! - recap of this whole fiasco.
“Neither Netgate's responses, FreeBSD Core's, nor the off-record responses we heard from independent FreeBSD community members lead us to believe that there was in fact any process in place that could reasonably have been expected to catch this issue prior to it going out into the world in 13.0-RELEASE.
We take some heart in the fact that FreeBSD Core team's expressed a commitment to improving processes, refining tooling, and making code reviews more effective—but it's impossible to ignore the fact that this commitment comes as an afterthought to attacking "public discourse" that highlighted the need for those improved processes, refined tools, and more effective reviews in the first place.”

Posted on 2021-03-28T00:27:02+0000