| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Mar 2006 18:31:01 -0500 From: "Michael A Fusaro II" <maf@...ii.com> To: "'Gadi Evron'" <ge@...uxbox.org>, "'Theo de Raadt'" <deraadt@....openbsd.org> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt wrote: > > You would probably expect me to the be last person to say > > that Sendmail is perfectly within their rights. I have > > had a lot of problems with what they are doing. > > > > But what did you pay for Sendmail? Was it a dollar, or was > > it more? Let me guess. It was much less than a dollar. I > > bet you paid nothing. > > > > So does anyone owe you anything, let alone a particular process > > which you demand with such length? > Gadi Evron wrote: > So you are basically saying open source free software can't > be trusted to hold high standards or be reliable or secure > if I don't pay for it? What he is basically saying is that you hold no right whatever to demand it. The "International Infrastructure's" need doesn't constitute a claim on Sendmail or its developers. As Theo stated, if that's unacceptable, buy software with a commercial license (which would then give you the right to demand that trust, as included in the license). -- Michael A Fusaro II maf@...ii.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists