Date: Tue, 21 Dec 2004 19:53:35 +0300
From: Artem Chuprina <ran@....pp.ru>
To: bugtraq@...urityfocus.com
Subject: Re: DJB's students release 44 *nix software vulnerability
 advisories


D. J. Bernstein -> bugtraq@...urityfocus.com  @ 18 Dec 2004 04:25:11 -0000:

 >> In each case, Professor Bernstein notified the author of the
 >> vulnerable package on Dec 15 via e-mail. This mail hit Bugtraq on the
 >> 16th, giving one day for vendors to provide fixes.

 DJB> Actually, I sent all of these notifications to the public
 DJB> securesoftware mailing list (http://securesoftware.list.cr.yp.to)
 DJB> at the same time that I sent them to the authors. It certainly
 DJB> wasn't my intention to give the authors an extra day of
 DJB> self-delusion.

Was it your intention not to give _users_ of their programs extra
time of not being _widely_ attacked?  While you certainly cannot offer
them alternative software for their tasks - of your own programs, only
ezmlm with third-party patches is more than a proof of concept.  We need
software that does the work, not only one that demonstrates that the
work can be done in principle.

-- 
Artem Chuprina
RFC2822: <ran{}ran.pp.ru> Jabber: ran@...ber.ran.pp.ru

