Bugtraq mailing list archives

Re: DJB's students release 44 *nix software vulnerability advisories
From: Artem Chuprina <ran () ran pp ru>
Date: Tue, 21 Dec 2004 19:53:35 +0300

D. J. Bernstein -> bugtraq () securityfocus com  @ 18 Dec 2004 04:25:11 -0000:

In each case, Professor Bernstein notified the author of the
vulnerable package on Dec 15 via e-mail. This mail hit Bugtraq on the
16th, giving one day for vendors to provide fixes.

 DJB> Actually, I sent all of these notifications to the public
 DJB> securesoftware mailing list (http://securesoftware.list.cr.yp.to)
 DJB> at the same time that I sent them to the authors. It certainly
 DJB> wasn't my intention to give the authors an extra day of
 DJB> self-delusion.

Was it your intention not to give _users_ of their programs an extra
time of not being _widely_ attacked?  While you certainly cannot offer
them alternative software for their tasks - of your own programs only
ezmlm with third-party patches is more than proof of concept.  We need
software that does the work, not only one that demonstrates that the
work can be done in principle.

Artem Chuprina
RFC2822: <ran{}ran.pp.ru> Jabber: ran () jabber ran pp ru
