Date: Sat, 25 Mar 2006 04:30:41 +0200
From: Gadi Evron <ge@...uxbox.org>
To: Theo de Raadt <deraadt@....openbsd.org>
Cc: Eric Allman <eric+bugtraq@...philic.com>, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

Theo de Raadt wrote:
>>After or before it hit the news? You may be able to alert vendors, but
>>the problem with critical infrastructure is that is widely deployed around
>>the world. Releasing the way you did is irresponsible.
>
>
> Taking our freely available software and creating a mono-culture is
> something that the administrators did.
>
> We don't get paid (or we don't get paid enough).

I see, so why don't you go work for commercial vendors?

With that kind of security attitude I wonder why anybody believes OpenBSD is the most secure OS around.

Most arguments against open source in big organizations are that they have no backing, serious tech support, etc. That brought about a myriad of third-party companies which provide with this service.

I often find open source to be a lot more responsive than many commercial companies, but it's still done based on good will and free time. That doesn't scale well in the board room.

You better quit now as you are making a horrible attempt at protecting open source, which I strongly believe in.

If a commercial giant ***** up, or an open source product does, makes no difference to me.

When people say: you can't comment unless you go and do on your own, move along. People will move along.

Sometimes I will ignore input from non-contributors, but ignoring input, especially of the critical type, from your users makes you not suitable for these users or to grow and scale as something for the infrastructure.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/