Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The accusation came at a really strange time. I'm inclined to think more people jumped on the government conspiracy bandwagon because of the recent release of the diplomatic cables via wikileaks.

Incidentally, I thought I had seen Mr. Perry someplace on TV, and then I remembered he was on an episode of Penn and Tellers "Bullsh*t" a while back. Link for the interested: http://www.youtube.com/watch?v=DT2YET6sg5I



Many of the commenters in the last thread admitted to this, which made it all the more irrational. There was even a debate about whether, in general, 'conspiracy theories' were more or less common than the public perception. As if that had any bearing on these specific allegations.

With the strange claims made in the email (outsourcing, expired NDAs, DARPA knew), I wish Theo would've thought twice before publicizing this guy's name. At least the extra eyes on IPSEC might catch something else.


Not publishing the email opens the door to "6 months ago, I emailed Theo about a backdoor, but he's trying to cover it up."


Isn't there a third possibility, "I received an email claiming that there's a backdoor" without publicizing all the additional details?


First question: "Who says?" Answer: "I can't say."

Second question: "Is it credible?" Option 1: "Yes" => panic ensues. Option 2: "No" => "Liar!" Option 3: There is no option 3, you must pick 1 or 2.


Why is there no option 3?

"I am looking into the matter; more details will be forthcoming."


Third question: "Did you find anything?" Option 1: "Yes" => panic. Option 2: "No" => "Liar!".

You have to release all the details sometime, but the longer you wait, the more people suspect they aren't getting all the details (even if they are) and the larger the drama whirlpool becomes. Did "Kaminsky found a DNS bug, details will be forthcoming" accomplish anything? No, it was a giant clusterfuck.

As a side note, I think it's weird that in a "post-wikileaks" era people are arguing that an open source project named openbsd be less transparent.


Only if he kept it to himself and didn't mention it to anybody - I don't think that's what the OP meant.


You're only making the conspiracy bigger. :)

You'll have a hard time gathering a small circle of people willing to state, for the record, "We reviewed the code and the invisible bug doesn't exist." Personally, I would want no part in an audit like that.

For a concrete threat, yeah, you fix it first. But the thing about scandals is that delay only incubates a bigger scandal.


I think Theo de Raadt is right to make the accusation open, because it is quite a serious thing.

On the other hand, I know that such an accusation can have a devastating effect on the live of the accused developer. So the principle of _in dubio pro reo_ should be applied faithfully.

This should be the instinctive reaction of a democratic society. It does seem to be quite hard to have this collective routine work reliably nowadays, which is sad.


Totally agree. I guess the point that gets me is that the NDA had an expire time. Makes no sense at all. Show me the commits.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: