Message-ID: <4424AB51.9060800@linuxbox.org>
Date: Sat Mar 25 02:38:37 2006
From: ge at linuxbox.org (Gadi Evron)
Subject: Re: SendGate: Sendmail Multiple Vulnerabilities
(Race Condition DoS, Memory Jumps, Integer Overflow)

Theo de Raadt wrote:
>>After or before it hit the news? You may be able to alert vendors, but
>>the problem with critical infrastructure is that it is widely deployed around
>>the world. Releasing the way you did is irresponsible.
>
>
> Taking our freely available software and creating a mono-culture is
> something that the administrators did.
>
> We don't get paid (or we don't get paid enough).

I see, so why don't you go work for commercial vendors? With that kind
of security attitude I wonder why anybody believes OpenBSD is the most
secure OS around.

Most arguments against open source in big organizations are that they
have no backing, serious tech support, etc. That brought about a myriad
of third-party companies which provide this service.

I often find open source to be a lot more responsive than many
commercial companies, but it's still done based on good will and free
time. That doesn't scale well in the board room.

You better quit now as you are making a horrible attempt at protecting
open source, which I strongly believe in.

If a commercial giant ***** up, or an open source product does, makes no
difference to me.

When people say: you can't comment unless you go and do on your own,
move along. People will move along.

Sometimes I will ignore input from non-contributors, but ignoring
input, especially of the critical type, from your users makes you not
suitable for these users or to grow and scale as something for the
infrastructure.