OpenWrt vs Defense positions

Enrico Mioso mrkiko.rs at gmail.com
Tue May 2 04:26:01 PDT 2023 

On Mon, May 01, 2023 at 04:56:36PM -0400, Peter Naulls wrote:
> On 5/1/23 16:42, Dave Taht wrote:
> 
> > 
> > How a ragtag bunch of unincorporated (mostly?) peacenik hippie types
> > can co-exist with devices being built by militaries out of this stuff
> > I have few ideas. I prefer to shrink the world, and produce stable,
> > secure, software, for everyone that wants it, but I look at the
> > contentious places where it also goes (like space, or spacex) and
> > wonder how it will all end up, and who will maintain it, improve it,
> > or attempt to subvert it.
> 
> Yes, and on a parallel note about security (not "Security" aka Defense),
> OpenWrt is good, but not excellent. This has been a long term interest
> of mine, largely due to career need rather than enthusiasm per se - the
> product I'm working on now has been through multiple security reviews - much
> of it without question is theater.
> 
> See a discussion I started on this some months ago - there's been a bit
> of a historic lack of appetite for this topic, partly because some of
> the theater is certainly high-class nonsense, and partly because of lack of
> resources - OpenWrt doesn't really have a dedicated security effort (if I
> missed
> something in recent months than I apologize), and some of the suggestions
> I've made have gone into the ether.

My 2 cents:

one of the constraints OpenWrt has been placed under, historically, is the need to fit in small flash memoris, so fitting some libraries and infrastructure maybe a little bit of a stretch here.
Furthermore, OpenWrt has been tought to be a platform, not a "finished" solution: this is not meant bo be an "excluse", just to note that some particular problems, and their solutions, have not been integrated in the core.
In some cases, like for ModemManager, the problems where related to size and complexity, I think.

Another impression I have, is that the OpenWrt project is very important for many yet under-resourced.
There are some important tasks that would help with the long-term maintenance (e.g. merging of the mtk_nand for mt7621 and the upstrema one, if at all possible), which require time and highly motivated person to carry on.

As for what will happen with OpenWrt when it will become used in some important places, I don't have an answer of course.
Does anyone know how much contributions come from people working for companies in OpenWrt?

Enrico
> 
> Still, I think there's a growing recognition of its use - certainly
> many home routers and no little number of special-user routers run it
> as well as commercial applications and of course the original topic
> I raised.  OpenWrt now has vastly more clout in the world than superficial
> visibility would suggest.
> 
> 
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list