lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: Web sites compromised by IIS attack

Denis Dimick wrote:

>Barry,
>
>I have to agree with you one once a company changes the code then they own 
>it. However wrapping the same old software in an RPM to me does not change 
>it enough to have "someone" else own the code.
>
>  
>
Per the Free Software model it does.  The key point here is that Red Hat 
is redistributing the code and making  a profit off of it.  It's Red 
Hat's choice regarding whether to redistribute said code.  Since they're 
making the money off of it, they have to support it.

>I do find it "funny" that sendmail and BIND have been thrown out in the 
>e-mails (don't think it was you) But these two applications are some of 
>the most buggy bits of code ever written.
>
>There are far better aplications out there if someone want to run a mail 
>or dns server if you ask me. 
>
>
>  
>

Sendmail and Bind have been riddled with bugs, this is true, but I don't 
know if I'd label them some of the most buggy bits of code ever written.  :)

But, as you said, there are far better choices out there -- and Red Hat 
(hypothetically speaking, of course) has the choice to distribute those 
instead of sendmail/bind.

                   -Barry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ