[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20060327181940.GA18499@pint.candc.home>
Date: Mon Mar 27 19:46:28 2006
From: cokane at cokane.org (Coleman Kane)
Subject: Re: SendGate: Sendmail Multiple Vulnerabilities
(Race Condition DoS, Memory Jumps, Integer Overflow)
On Fri, Mar 24, 2006 at 11:53:04AM -0600, Gadi Evron wrote:
> On Thu, 23 Mar 2006, Theo de Raadt wrote:
> > > Sendmail is, as we know, the most used daemon for SMTP in the world. This
> > > is an International Infrastructure vulnerability and should have been
> > > treated that way. It wasn't. It was handled not only poorly, but
> > > irresponsibly.
> >
> > You would probably expect me to the be last person to say that Sendmail
> > is perfectly within their rights. I have had a lot of problems with
> > what they are doing.
> >
> > But what did you pay for Sendmail? Was it a dollar, or was it more? Let
> > me guess. It was much less than a dollar. I bet you paid nothing.
> >
> > So does anyone owe you anything, let alone a particular process which
> > you demand with such length?
>
> So you are basically saying open source free software can't be trusted to
> hold high standards or be reliable or secure if I don't pay for it?
>
Uhh.... I think the point is (and the one that I live by) that if it is
not supported, then it cannot maintain high standards of security and
reliability.
>
> >
> > Now, the same holds true with OpenSSH. I'll tell you what. If there
> > is ever a security problem (again :) in OpenSSH we will disclose it
> > exactly like we want, and in no other way, and quite frankly since
> > noone has ever paid a cent for it's development they have nothing they
> > can say about it.
> >
> > Dear non-paying user -- please remember your place.
> >
> > Or run something else.
> >
> > OK?
> >
> > Luckily within a few months you will be able to tell Sendmail how
> > to disclose their bugs because their next version is going to come
> > out with a much more commercial licence. Then you can pay for it,
> > and then you can complain too.
> >
>
Powered by blists - more mailing lists