BugTraq
SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 23 2006 09:41AM
Gadi Evron (ge linuxbox org) (5 replies)
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 04:27AM
Eric Allman eric+bugtraq (at) neophilic (dot) com [email concealed] (eric+bugtraq neophilic com) (1 replies)
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 03:08AM
Claus Assmann ca+bugtraq (at) zardoc.endmail (dot) org [email concealed] (ca+bugtraq zardoc endmail org) (2 replies)
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 02:52AM
Theo de Raadt (deraadt cvs openbsd org) (2 replies)
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 03:13PM
Martin Schulze (joey infodrom org) (1 replies)
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 10:17PM
Theo de Raadt (deraadt cvs openbsd org) (4 replies)
> Sendmail has been an important part of the Internet infrastructure and
> has gained a lot of honour and respect. Many people use this piece of
> software and a lot of distributors/vendors are proliferating this
> software. They do deserve better, as do the users who decide to trust
> this vendor.

Paul Vixie did not decide that BIND should become a critical part of
the internet, or that it became a virtual monoculture. He made it
free. The community decided to make it Internet infrastructure.

Eric Allman did not decide that BIND should become a critical part of
the internet, or that it became a virtual monoculture. He made it
free. The community decided to make it Internet infrastructure.

I did not decide that OpenSSH should become a critical part of the
internet, or that it should become a virtual monopoly. We made it
free. Again, the community decided to make it Internet infrastructure.

Now you want to tell us that because the Internet community made
decisions like these, that we should be held responsible. That we
have to follow YOUR procedures. That we have to answer to YOU.

What if we ignore your procedures? What if we say no? What will you
do then? Continue to verbally attack us? To what end? To show that
you are thankless dogs?

Does it make you feel like more of a man when you publically attack
people who wrote good things that you depend on, which you never
gave anything for?

Isn't it you who every day make the same decision to run our software,
give nothing back, and then believe that you have anything at all to
stand on?

Open Source developers get attacked when they don't follow YOUR
procedudes, but SSH.COM can skip fixing security problems for years,
and you will be silent.

You (and others like you) should be ashamed. I am done with this
conversation.

note: I only wrote parts of OpenSSH; it was based on older free code
by Tatu Ylonen before he chose to go commercial, and initially made
free primarily by Niels Provos, Markus Friedl, myself, and a team of
other people. Now it is maintained by about 6 developers.

[ reply ]
trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Mar 23 2006 09:59AM
Gadi Evron (ge linuxbox org) (1 replies)


 

Privacy Statement
Copyright 2010, SecurityFocus