| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <004701c64f9b$030767e0$760a0a0a@transaver.com> Date: Sat Mar 25 00:24:07 2006 From: maf at mafii.com (Michael A Fusaro II) Subject: RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt wrote: > > You would probably expect me to the be last person to say > > that Sendmail is perfectly within their rights. I have > > had a lot of problems with what they are doing. > > > > But what did you pay for Sendmail? Was it a dollar, or was > > it more? Let me guess. It was much less than a dollar. I > > bet you paid nothing. > > > > So does anyone owe you anything, let alone a particular process > > which you demand with such length? > Gadi Evron wrote: > So you are basically saying open source free software can't > be trusted to hold high standards or be reliable or secure > if I don't pay for it? What he is basically saying is that you hold no right whatever to demand it. The "International Infrastructure's" need doesn't constitute a claim on Sendmail or its developers. As Theo stated, if that's unacceptable, buy software with a commercial license (which would then give you the right to demand that trust, as included in the license). -- Michael A Fusaro II maf@...ii.com
Powered by blists - more mailing lists