Open Source and information security mailing list archives
Date: Fri Mar 24 05:29:14 2006
From: BlueBoar at thievco.com (Blue Boar)
Subject: Re: SendGate: Sendmail Multiple Vulnerabilities
	(Race Condition DoS, Memory Jumps, Integer Overflow)

Theo de Raadt wrote:
> But what did you pay for Sendmail?  Was it a dollar, or was it more?  Let
> me guess.  It was much less than a dollar.  I bet you paid nothing.

Hey Theo, what did you pay for all the software you started with and/or 
still use in your project?  How much did YOU pay for Sendmail?  And you 
guys essentially resell it, right?

> So does anyone owe you anything, let alone a particular process which
> you demand with such length?

I don't know... I seem to see a lot of criticism and demands coming from 
your direction:
http://en.wikiquote.org/wiki/Theo_de_Raadt

> Now, the same holds true with OpenSSH.  I'll tell you what.  If there
> is ever a security problem (again :) in OpenSSH we will disclose it
> exactly like we want, and in no other way, and quite frankly since
> no one has ever paid a cent for its development they have nothing they
> can say about it.

Really?  No one?  You wrote it by yourself with no support of any kind?

And are you saying that you plan to slipstream your fixes?

> Dear non-paying user -- please remember your place.

I seem to recall having donated some money, purchased shirts... I think 
I've got a number of OpenBSD CD sets around the house that I purchased.

Now I realize that you consider those "donations", even though most 
people would consider that some degree of having "paid".  But I'd be 
willing to bet that even if we worked out some contract that had the 
word "paid" in it, that you would still not confer upon me any right to 
complain.  That I would still need to remember my place.

So I think we can eliminate payment as a variable.  This simplifies your 
argument from "Don't criticize me if you haven't paid" to simply "Don't 
criticize me."

Sucks to be held accountable, even when you give stuff away for free, 
doesn't it?

> Or run something else.
> 
> OK?

I don't know why they don't put you in charge of the fundraising efforts 
more often!
http://undeadly.org/cgi?action=article&sid=20060321034114

And your timing is impeccable!  Buy up!
http://undeadly.org/cgi?action=article&sid=20060323091020

My order is on its way.

					BB
