So, Theo was told around 1999 that the OpenBSD cvs server allowed port forwarding. And then told again, in 2002, by someone else, in a message sent to bugtraq (http://marc.info/?l=bugtraq&m=109413637313484&w=2), about the same problem, and apparently fixed it at that time. And yet in 2009 at least 3 of the OpenBSD cvs servers once again have the same problem.
I assume you're not calling me the idiot? -- Joey Hess
And then told again, in 2002, by someone else, in a message sent to bugtraq, about the same problem, and apparently fixed it at that time.
that bugtraq message says "OpenBSD cvs servers", as in, the anoncvs mirrors that are setup by volunteers, many of whom are not openbsd developers. we don't control any of those servers. an email was sent out to all of the mirror maintainers years ago telling them that they should probably disable the forwarding if they didn't know it was on.
And yet in 2009 at least 3 of the OpenBSD cvs servers once again have the same problem.
the list of mirrors is updated constantly (http://www.openbsd.org/cgi-bin/cvsweb/www/build/mirrors.dat). old mirrors drop off, new ones come on. if new ones are allowing tcp forwarding for anoncvs and they aren't aware of it, email them. clearly it bothers you more than it bothers any of us.
I was just stating that Theo will undoubtably turn up with some hilarity. He will most likely end up whipping the anoncvs mirror administrators into shape.
I do agree with the article.
At the end of the day, it's about as bad as people who used to mess up their sendmail relaying a few years ago. It in no way affects the credibility of OpenBSD, which is how it is worded and discussed.
