| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ge at linuxbox.org (Gadi Evron) Subject: To anybody who's offended by my disclosure policy-GET THIS GUYS Hi Rafel. 'Sup? > What i am saying is, it is now who codes the software, it is how you do. > (if i was not in a job working frame, i would publishing things that will > cause you all to say its shit) > FireFox team claimed its an old bug.bla bla bla.and has no problem and no > security risk...bla bla bla... and didn't fix it after 4 month... > Just like MS when they are not even commercial, than what they are? on the > way to making money...to be the second size'd market share browser. What does Mozilla and MS have to do with the guy? Yes, he seems like a nice guy who knows what he is doing.. but that's where it ends. He might do things differently usually, or in the future, but he didn't in this case, at least as far as I see it. He did not just release, hold back or notify the vendor - he just sends things out with claims of semi-world-domination and "you'll-pay-for-ignoring-me" - and then.. blames people for braking GPL when they mis-use his "creations" or "findings" if you prefer. Give me a break. I think both him and myself now reached an understanding of what the other guy was trying to say. Your claims of "I WOULD HAVE RELEASED IF I DIDN'T WORK HERE" sound just as vain. Release or be quiet. Nobody's perfect - not MS or Mozilla. Let's leave the MS sucks debate to other threads. > GO SKYLINED! GO SKYLINED! Or in other words, Rafel: "I am working for a company now, so I can go out and act like an idiot." :) You should add some "the opinions expressed in the email message are not necessarily those of my employer" or the like.. I doubt Finjan needs the bad publicity among the security community of one of their researchers saying this kind of behaviour is "COOL". Gadi.
Powered by blists - more mailing lists