The End ?

chpalmer

Mowgli :    You didn't answer my last question..

I ask because your name already comes up as one of the largest contributors on another project last year. And your apparent language of choice would put you right in their backyard..

It seems that W4RH34D is spot on if that is the case.

I actually believe that specific product I mention (or didn't) will do exactly what you claim this one of attempting very soon. But that is just me.

NogBadTheBad

LOL he's at it here too:-

https://forum.pfsense.org/index.php?topic=123068.0

Mowgli

@W4RH34D:

Perhaps you are being rude.  Has that occurred to you?

You come in to pfsense's forum, trash them with clickbait style musings and expected what, exactly?

Can you explain in what way i did those things you are accusing me for.

Mowgli

@NogBadTheBad:

LOL he's at it here too:-

https://forum.pfsense.org/index.php?topic=123068.0

Glad to see that you are so easily amused by someone that can post in other languages than english.

doktornotor

Still no answer to the question?

NogBadTheBad

@Mowgli:

@NogBadTheBad:

LOL he's at it here too:-

https://forum.pfsense.org/index.php?topic=123068.0

Glad to see that you are so easily amused by someone that can post in other languages than english.

I find it funny that your trying to spread your FUD in different languages after joining nearly two years ago and managing only 13 posts.

Good luck trying to find another product that better suits your needs, now trot on

Mowgli

In what way are my question FUD ?
What have my time of joining for relevance?
Do the amount of post matter for some reason?

And again someone in this community is getting on a personal level..

Mowgli

@chpalmer:

I believe you may be delusional or just here to spread a little FUD my friend..

You seem to have never posted a bounty nor answered up for one yourself..  :o ;)

edit-  to add to your edit..  I find it refreshing that this product is not constantly in need of "Security Advisories"..  like some of the other like products are.

edit2 your name wouldn't be Mowgli Assor would it?

Was asking about the sec adv, yes. cause this PFSense is build of FreeBSD and they have some security advice's that's not posted in PfSense, so i wonder if those doesnt apply on pfsense.

My name is of no relevance here.

doktornotor

@Mowgli:

My name is of no relevance here.

Oh really?

johnpoz

So how about you name a specific freebsd security advisory..

Such a question is valid on when such an advisory would be included in pfsense, or if for whatever reason such a advisory does not apply, etc.

Pfsense clearly includes security patches from freebsd, in their release.  For example the last p1 update included..
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:26.openssl.asc

But how exactly is no new posts since June on this list
https://pfsense.org/security/advisories/

Point to the end of pfsense???  WTF dude clearly that is a trolling/fud sort of post..

Are you subscribed to the mailing list for sec adv?

Maybe your worried about this freebsd one about telnet?
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:36.telnetd.asc

Since pfsense doesn't have telnet available - not sure how that would be an issue?

Maybe your concerned with the new ntp one that just came out this month?
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:39.ntp.asc

If so that would be a valid sort of question.. But to be honest, not sure its a recommended setup to run ntp to the public on your firewall ;)  So the concern would only be from your internal network, vpn users maybe.  So while it should get get patches in newer releases.  Doesn't seem like such high profile issue that pfsense should have to release a special patch or security advisory about it.

dennypage

@Mowgli:

Was asking about the sec adv, yes. cause this PFSense is build of FreeBSD and they have some security advice's that's not posted in PfSense, so i wonder if those doesnt apply on pfsense.

To this specific point, this is not how vendor advisories work. Advisories are issued by the owner of the code that contains/creates the vulnerability, and are not repeated by downstream projects. In other words the OpenSSL project issuing an advisory does not mean the FreeBSD project issues an advisory, the FreeBSD project issuing an advisory does not mean that the pfSense project issues an advisory, etc. Downstream projects issue releases, not advisories. This has been done.

Mowgli

@doktornotor:

@Mowgli:

My name is of no relevance here.

Oh really?

Ya really.

doktornotor

Mowgli

Thanks johnpoz, dennypage .

jimp

Even one brief look at redmine or github would show we are all very busy working every day.

There are few bounties because we either fix things ourselves internally without bounties or there are no community developers looking to take on the work.

The developers of pfSense were not the ones who used to take on all the bounties, not in many years if ever, and the rare times we did it was back when we were very small and maybe someone needed a few extra bucks. Bounties are meant to entice members of the community to get involved and not meant to crowdfund new pfSense features made by the core team.

We haven't published any security advisories because there hasn't been anything worth publishing about. The new NTP issue, perhaps, and maybe an odd XSS or two are pending for the next release we cut, but nothing severe enough to warrant an immediate new release and the publishing of an SA.

This whole thread was a reach, you found two of the most ridiculous "metrics" and lept to meritless conclusions, thus the rightful conclusion that this was FUD. There can be no meaningful discussion here.