by nnkh 4448 days ago
Sure, De Raadt/OpenBSD are bitter about the lack of funding but that does not explain anything about this mysterious hole. This email can mean anything. Does Kirk McKusick know about this hole and has he pressured De Raadt not to disclose it (for what reason could that even be?), or is it a vague reference to a fallout he had with him earlier (making this an absurdly petty reason not to disclose it)?

Just dropping that hint is ambiguous drama baiting.

1 comments

Drama baiting is something Theo de Raadt is good at. :)

I have a feeling it has less to do with something sinister, and more to do with Theo's very vocal stance on the security situation in FreeBSD.

http://www.itwire.com/business-it-news/open-source/62641-cry...

Most likely the FreeBSD kernel or libraries are doing something in a certain way that Theo finds insecure/insufficient. (Justified or not)

FreeBSD dev response to De Raadt's very vocal stance: http://tech.slashdot.org/comments.pl?sid=4559455&cid=4570198...

It really does seem like De Raadt's just being really petty to me. But if this is an actual hole and he doesn't want to say what it is, that is worrisome. Doesn't he insinuate the rest of FreeBSD does not know about the hole?

It's Theo de Raadt...

It's possible that he knows of a real exploitable problem.

It's possible that he is trying to boast about his prowess with things "security".

It's possible the "hole" is a design feature in FreeBSD that he just doesn't like. (And hence, considers to be a security problem.)

It's possible that he is bitter that FreeBSD has gotten more attention than OpenBSD.

It's possible that he said it to spur FreeBSD to take more interest in security. (Justifiably or not...)

It's possible that he wanted to cause a commotion.

It's possible that more than one of the above is true. :) He is under no obligation to make a disclosure of an exploit that he finds. Does it make him a bad net-denizen? Perhaps. But it's his prerogative.