
Inflamation by Bryan Cantrill - cnst
https://marc.info/?l=openbsd-tech&m=152894815409098&w=2
======
tptacek
Ordinarily, I'd flag this stuff as just more drama. And I'm no fan of Theo de
Raadt's. But from every account I've heard: OpenBSD was not included on the
embargo for this bug. If Cantrill is accusing de Raadt of breaking that
embargo, he owes a serious apology. This is not a minor thing: it is already
perceived as problematic how some OS projects get included on these embargoes
and others don't.

_Guessing_ at a bug you weren't informed about, even if (in fact, _especially
if_) the guess is informed by the actions of people who are included in the
embargo, isn't doing anything wrong. The only people to blame are the people
who tried and failed to protect a secret bug for just a subset of OS's.

Also: these embargoes are stupid, and everybody involved knows just how stupid
they are. Rumors spread amongst the cool kids days or sometimes even weeks
before anything is published.

~~~
topspin
de Raadt has been one of the conspicuously few unvarnished voices wrt Meltdown
et al. Also, if he is to be believed as to OpenBSD's methods, something
approaching actual hacking appears to have occurred. Can't help but think that
might have a place at _hacker_ news...

------
tgtweak
I'm not picking sides, just pointing out there is absolutely no context here
for the average reader.

Maybe bcantrill can chime in.

~~~
tptacek
Theo is the project leader for OpenBSD.

Last I heard, Cantrill was at Joyent, and worked on IllumOS.

For at least the last few multi-platform bug embargo cycles, people have been
chattering about OpenBSD's unwillingness to participate in, or possibly even
honor, embargoes.

Theo recently gave a presentation (at BSDCAN, I think?) that he opened by
accusing the community at large of defaming OpenBSD's behavior around
embargoes, despite OpenBSD project members helping other projects with
previous embargoed bugs, then carefully pointed out that OpenBSD wasn't a
party to any current embargoes despite reaching out and asking Intel to
participate in this current FP bug.

Then he basically "guessed", based on what he says was a very vague rumor,
what the FP bug was about.

Now he says Cantrill is, on some forums, accusing Theo or OpenBSD of getting a
leak about the actual FP bug, and then helping break the embargo.

I think that about covers it?

~~~
bcantrill
He's referring to comments I made on lobste.rs.[1]

Those comments speak for themselves; I did not accuse Theo of breaking the
embargo -- and to the contrary, I was advocating that OpenBSD be included.
But, as I commented on lobste.rs, that Theo has acted irresponsibly has made
achieving that inclusion quite a bit more difficult.

[1] [https://lobste.rs/s/zwkuza/intel_cpus_might_leak_information...](https://lobste.rs/s/zwkuza/intel_cpus_might_leak_information_about#c_jri1zp)

~~~
tptacek
You used the word "espionage".

If the LazyFP team wanted to keep Theo quiet, they should have included
OpenBSD _in the first place_. You can't retroactively include them once they
figure it out; that's not an embargo, that's _omerta_.

~~~
bcantrill
I used the word "espionage" in a sentence that had many other words in it --
and it wasn't my intent to imply that they had obtained this information
through malfeasance. To the contrary, I think it was much more likely leaked by
someone friendly to OpenBSD's cause (the "post-Spectre rumors" referred to in
the commit[1]).

Regardless, it wasn't handled responsibly -- and to those of us who _were_
under the embargo who _did_ advocate for the inclusion of OpenBSD, the
behavior here has made that argument much more difficult.

[1] [https://marc.info/?l=openbsd-cvs&m=152818076013158&w=2](https://marc.info/?l=openbsd-cvs&m=152818076013158&w=2)

------
robert_foss
While it's hard not to rubber-neck, this isn't very interesting stuff.

~~~
actionowl
Agreed. I'd prefer to focus on the vulnerability, not the drama. I deeply
respect both these community leaders and it pains me to see this unfolding.
Wishing for the best outcome.

~~~
tptacek
Disagree, in this case. OpenBSD is routinely excluded from embargoes. There's
a perception that OpenBSD is hostile to them, or won't honor them. The
accusation that OpenBSD purposefully subverted this most recent one has teeth.
If it's a bogus accusation, it should be retracted, with an apology. It's not
meaningless drama in this case.

------
tlrobinson
Context:
[https://lobste.rs/s/zwkuza/intel_cpus_might_leak_information...](https://lobste.rs/s/zwkuza/intel_cpus_might_leak_information_about)

> That discussion was ongoing when OpenBSD caught wind of this – presumably
> because someone who was embargoed felt that OpenBSD deserved to know – and
> then fixed it in the worst possible way. (Namely, by snarkily indicating
> that it was to address a CPU vulnerability.) This was then compounded by
> Theo’s caustic presentation at BSDCan, which was honestly irresponsible: he
> clearly didn’t pull eager FPU out of thin air (“post-Spectre rumors”), and
> should have considered himself part of the embargo in spirit if not in
> letter.

