OpenBSD developers have responded to comments made by Linus Torvalds that they are a "bunch of masturbating monkeys".
In an email exchange with Builder AU's sister site ZDNet.co.uk, developer Ken Westerback wrote that an interest in security should lead to fixing all bugs.
"As far as I am concerned OpenBSD is the project with the most demonstrated interest in fixing all bugs found, no matter how trivial, and to systematically examine all source code for instances of bugs encountered," wrote Westerback. "I believe that this is the bedrock principle of pursuing security — software that 'just works' rather than software with Rube Goldberg constructs of knobs and security theatre scenery."
Westerback wrote that software produced by people interested in security "probably works better in most cases because a belief in simplicity, clarity and consistency usually produces better code than other approaches."
Developer Kjell Wooding agreed that OpenBSD coders treat bugs with equal significance.
"There is a certain irony to Linus's comment there," wrote Wooding in an email to ZDNet.co.uk. "The 'a bug is a bug' principle that he is espousing is exactly the approach taken by the OpenBSD developers that I know. The OpenBSD I know doesn't concentrate on security — it concentrates on correctness."
OpenBSD developer Bob Beck said Torvalds' comments showed "ignorance", as OpenBSD coders did take the approach of dealing with bugs equally.
"The comments sound like much of the usual chest-beating we are used to seeing to make all the fan boys and girls on the lists swoon," wrote Beck. "Realistically it just demonstrates an ignorance of the OpenBSD project."
Beck added that Torvalds' comments were unfortunate, in that they could encourage Linux "fan boys and girls" to not focus on code quality.
"Those sorts of unfounded statements probably contribute to the type of attitude in Linux distributions that results in them introducing spectacular bugs into software ported into their distributions from OpenBSD, such as the recent Debian vulnerabilities," wrote Beck. "To the fan boys this says 'don't listen to security concerned people — they're just masturbating monkeys'. Which leads to more bugs to fix."
Both Wooding and Beck took Torvalds' comments in good humour. "I don't know what Linus's beef is. He seems to be on the same page with respect to this issue. And the 'masturbating monkey' thing? Well that's just funny," wrote Wooding.
OpenBSD developer Artur Grabowski wrote on Thursday that Torvalds had apologised to the OpenBSD community.
"I talked to Linus about this already, he was humble about it and said it didn't look like it from the outside that we shared the same view," wrote Grabowski. "We all had a laugh about it."
As a response to the attention his initial email received, Torvalds yesterday finished off an otherwise innocuous email on the state of merges with: "PS. And to get wider distribution for this message: Digg users — you're all a bunch of Wanking Walruses. And you can quote me on that."
The tactic worked, with the email hitting the front page of Digg and reddit.
Builder AU's Chris Duckett contributed to this story.
Quoted from the Core Security Technologies - CoreLabs Advisory at http://snipurl.com/30jq5
"OpenBSD no longer uses the term "vulnerability" when referring to bugs that lead to a remote denial of service attack, as opposed to bugs that lead to remote control of vulnerable systems to avoid oversimplifying ("pablumfication") the use of the term."