lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030720043543.5933.qmail@web11406.mail.yahoo.com>
From: xillwillx at yahoo.com (w g)
Subject: GUNINSKI THE SELF-PROMOTER

how bout a nice warm cup of shut the fuck up matt,, your a whiney little know-it-all bitch you remind of the comic book guy on the Simpsons...just shut the fuck up and find your flaws in software and report them and dont worry how others do their jobs.. you're a load that should have been swallowed.
illwill

"mattmurphy@...rr.com" <mattmurphy@...rr.com> wrote:
"guninski@...inski.com" wrote:
>> You may remember that Guninski completely failed to notify the VIM
>> development team of security vulnerabilities in its product, and these
>>were brought up by a third party on VIM-DEV for the first time. I would
>>have understood CC'ing the major security lists with the post *in
addition >>to* vim-dev, as it *is* a public channel. 
>
>hey kiddie,
>
>you'd better check your facts before spreading misinformation.
>vim developers and vendor-sec list were notified as it is written in my 
>advisory. it was a long thread with all of them. the advisory quotes solar 
>designer that his distribution is not vulnerable. in addition, later i
>disclosed to them 2 more bugs in vim.
>
>i don't mean that it is necessary to notify the vendors at all, but in
this >case there are a lot of witnesses that i notified vim.
>
>just returning from vacation, shall reply to the others lamers later.
>
>georgi

And let's take into account that in hunting through the VIM lists, you find
zilch from you. It is pretty incriminating, regardless of the truth behind
the matter. So, the communications forum you used to notify them happened
to disappear before I conducted my search? Remind me to work on my psychic
powers... :-)

So, before you use terms like "kiddie", why don't *you* walk a few miles in
my shoes...

Misinformed, I may be, kiddie, I am not. Regardless of your notifying VIM
(as you claim), the parallel still isn't there -- *THAT* was my original
point. You whine about two weeks to produce a patch from MS, and then you
wait for an open source project to patch a bug for almost a month, they
don't even start, and you still praise their project. That's hypocrisy
Georgi, no matter what you call it.

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


---------------------------------
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030719/92cfde00/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ