The End ?
-
LOL he's at it here too:-
https://forum.pfsense.org/index.php?topic=123068.0
Glad to see that you are so easily amused by someone that can post in other languages than english.
I find it funny that your trying to spread your FUD in different languages after joining nearly two years ago and managing only 13 posts.
Good luck trying to find another product that better suits your needs, now trot on
-
In what way are my question FUD ?
What have my time of joining for relevance?
Do the amount of post matter for some reason?And again someone in this community is getting on a personal level..
-
I believe you may be delusional or just here to spread a little FUD my friend..
You seem to have never posted a bounty nor answered up for one yourself.. :o ;)
edit- to add to your edit.. I find it refreshing that this product is not constantly in need of "Security Advisories".. like some of the other like products are.
edit2 your name wouldn't be Mowgli Assor would it?
Was asking about the sec adv, yes. cause this PFSense is build of FreeBSD and they have some security advice's that's not posted in PfSense, so i wonder if those doesnt apply on pfsense.
My name is of no relevance here.
-
-
So how about you name a specific freebsd security advisory..
Such a question is valid on when such an advisory would be included in pfsense, or if for whatever reason such a advisory does not apply, etc.
Pfsense clearly includes security patches from freebsd, in their release. For example the last p1 update included..
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:26.openssl.ascBut how exactly is no new posts since June on this list
https://pfsense.org/security/advisories/Point to the end of pfsense??? WTF dude clearly that is a trolling/fud sort of post..
Are you subscribed to the mailing list for sec adv?
Maybe your worried about this freebsd one about telnet?
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:36.telnetd.ascSince pfsense doesn't have telnet available - not sure how that would be an issue?
Maybe your concerned with the new ntp one that just came out this month?
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:39.ntp.ascIf so that would be a valid sort of question.. But to be honest, not sure its a recommended setup to run ntp to the public on your firewall ;) So the concern would only be from your internal network, vpn users maybe. So while it should get get patches in newer releases. Doesn't seem like such high profile issue that pfsense should have to release a special patch or security advisory about it.
-
Was asking about the sec adv, yes. cause this PFSense is build of FreeBSD and they have some security advice's that's not posted in PfSense, so i wonder if those doesnt apply on pfsense.
To this specific point, this is not how vendor advisories work. Advisories are issued by the owner of the code that contains/creates the vulnerability, and are not repeated by downstream projects. In other words the OpenSSL project issuing an advisory does not mean the FreeBSD project issues an advisory, the FreeBSD project issuing an advisory does not mean that the pfSense project issues an advisory, etc. Downstream projects issue releases, not advisories. This has been done.
-
-
-
Thanks johnpoz, dennypage .
-
Even one brief look at redmine or github would show we are all very busy working every day.
There are few bounties because we either fix things ourselves internally without bounties or there are no community developers looking to take on the work.
The developers of pfSense were not the ones who used to take on all the bounties, not in many years if ever, and the rare times we did it was back when we were very small and maybe someone needed a few extra bucks. Bounties are meant to entice members of the community to get involved and not meant to crowdfund new pfSense features made by the core team.
We haven't published any security advisories because there hasn't been anything worth publishing about. The new NTP issue, perhaps, and maybe an odd XSS or two are pending for the next release we cut, but nothing severe enough to warrant an immediate new release and the publishing of an SA.
This whole thread was a reach, you found two of the most ridiculous "metrics" and lept to meritless conclusions, thus the rightful conclusion that this was FUD. There can be no meaningful discussion here.