I actually am fairly uncomfortable about it, even if our firm stipulation was that they cannot tell us what to do. We are simply doing what we do anyways - securing software - and they have no say in the matter. I try to convince myself that our grant means a half of a cruise missile doesn't get built.
Theo de RaadtLinux has never been about quality. There are so many parts of the system that are just these cheap little hacks, and it happens to run.
Theo de RaadtIn some industry markets, high quality can be tied to making more money, but I am sure by now all of us know the computer industry is not like that.
Theo de RaadtI think it is astounding that people could argue for "you just must trust someone else to fix it" instead of "you could fix it yourself, or hire someone to fix it." There is a contractor base out there that can solve these problems as well as or better than the major vendors could. But I think the major vendors are still having more luck at getting the ear of the press.
Theo de Raadt