[BlueOnyx:24872] Re: FreeBSD 13 and pfSense drama (Off-Topic)

Michael Stauber mstauber at blueonyx.it
Sun Mar 28 16:19:18 -05 2021


Hi Ken,

> The fact that the guy is an ex-con makes for a good headline, but is perhaps
> somewhat irrelevant to the story.  Here in the Chicago area we used to have
> a hot dog place named "Felony Franks" that employed ex-cons.  I wonder which
> is more worrisome, having felons cook your food or write your code?

Sure, people who served their time should get their second chance.
Perhaps even the 'Landlord from Hell' like he was depicted as in this
article:
https://abcnews.go.com/US/exclusive-landlord-hell-defends-terrorizing-apartment-tenants/story?id=20875476

Yet it makes the behavior of Netgate all the more bamboozling. There is
a company that depends on and lives off tacking their proprietary stuff
onto Open Source in order to sell it. They chose FreeBSD, which sure has
its benefits. To get a better foot into the door they contracted
developers who already contribute to FreeBSD. Because that's the cheap
and fast way of getting that foot into the door instead of hiring
someone full time like more respectable entities do. Yet it seems they
didn't do enough due diligence there - not (just) related to the prior
conviction, but more in the way of his qualifications to deliver usable
code of acceptable quality on time.

And lastly when they took the code from the FreeBSD beta repository to
integrate that into pfSense 2.5.0 they didn't spot even the most
egregious oddities in the code and instead shipped it right away.

When FreeBSD found the first issues they downplayed the gravity of the
situation, denied the remote exploitability and when proven wrong they
set the haystack on fire blaming FreeBSD for endangering their
commercial product while they were fixing the code that their
representative had contributed.

The relationship between commercial third party interests and open
source projects is always somewhat tricky. I guess this can serve as an
example how both sides shouldn't do it.

-- 
With best regards

Michael Stauber


